Bug report for Tomcat 7 [2018/01/14]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bugzilla Bug ID|Status|Severity|Date Posted|Description|
|41007|Opn|Enh|2006-11-20|Can't define customized 503 error page|
|43866|New|Enh|2007-11-14|add support for session attribute propagation with|
|47242|New|Enh|2009-05-22|request for AJP command line client|
|49395|New|Enh|2010-06-06|manager.findLeaks : display the date when the leak|
|49821|New|Enh|2010-08-25|Tomcat CLI [PATCH/Contribution]|
|50019|New|Enh|2010-09-28|Adding JNDI "lookup-name" support In XML and Resou|
|50175|New|Enh|2010-10-28|Enhance memory leak detection by selectively apply|
|50234|New|Enh|2010-11-08|JspC use servlet 3.0 features|
|50670|New|Enh|2011-01-27|Tribes | RpcChannel | Add option to specify extern|
|50944|Ver|Blk|2011-03-18|JSF: java.lang.NullPointerException at com.sun.fac|
|51195|New|Enh|2011-05-13|"Find leaks" reports a false positive memory/class|
|51423|Inf|Enh|2011-06-23|[Patch] to add a path and a version parameters to|
|51587|New|Enh|2011-07-29|Implement status and uptime commands|
|51953|New|Enh|2011-10-04|Proposal: netmask filtering valve and filter [PATC|
|52381|New|Enh|2011-12-22|Please add OSGi metadata|
|52448|New|Enh|2012-01-11|Cache jar indexes in WebappClassLoader to speed up|
|52489|New|Enh|2012-01-19|Enhancement request for code signing of war files|
|52688|New|Enh|2012-02-16|Add ability to remove old access log files [PATCHE|
|52952|New|Enh|2012-03-20|Improve ExtensionValidator handling for embedded s|
|53085|New|Enh|2012-04-16|[perf] [concurrency] DefaultInstanceManager.annota|
|53387|New|Enh|2012-06-08|SSI: Allow to use $1 to get result of regular expr|
|53411|Opn|Enh|2012-06-13|NullPointerException in org.apache.tomcat.util.buf|
|53492|New|Enh|2012-07-01|Make JspC shell multithreaded|
|53553|New|Enh|2012-07-16|[PATCH] Deploy uploaded WAR with context.xml from|
|53620|New|Enh|2012-07-30|[juli] delay opening a file until something gets l|
|54499|New|Enh|2013-01-29|Implementation of Extensible EL Interpreter|
|54802|New|Enh|2013-04-04|Provide location information for exceptions thrown|
|55104|New|Enh|2013-06-16|Allow passing arguments with spaces to Commons Dae|
|55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star|
|55477|New|Enh|2013-08-23|Add a solution to map an realm name to a security|
|56148|New|Enh|2014-02-17|support (multiple) ocsp stapling|
|56181|New|Enh|2014-02-23|RemoteIpValve & RemoteIpFilter: HttpServletRequest|
|56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation|
|56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co|
|56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta|
|56787|New|Enh|2014-07-29|Simplified jndi name parsing|
|57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the|
|57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta|
|57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due|
|57892|New|Enh|2015-05-05|Log once a warning if a symbolic link is ignored (|
|58338|New|Nor|2015-09-07|BasicDataSourceFactory uses wrong attribute name|
|59716|New|Enh|2016-06-17|Allow JNDI configuration of CorsFilter|
|60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli|
|60944|Inf|Nor|2017-03-30|Tomcat Production Issue connections in CLOSE_WAIT|
|61992|Inf|Cri|2018-01-12|DOS after "Error parsing HTTP request header" mess|
|61993|New|Min|2018-01-12|org.apache.tomcat.util.ByteChunk throws NegativeAr|

Total 46 bugs

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: d
Bug report for Tomcat 9 [2018/01/14]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bugzilla Bug ID|Status|Severity|Date Posted|Description|
|47467|New|Enh|2009-07-02|Deployment of the war file by URL when contextpath|
|48672|New|Enh|2010-02-03|Tomcat Virtual Host Manager (/host-manager) needs|
|57505|New|Enh|2015-01-27|Add integration tests for JspC|
|57661|New|Enh|2015-03-04|Delay sending of 100 continue response until appli|
|58242|New|Enh|2015-08-13|Scanning jars in classpath to get annotations in p|
|58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI|
|58548|New|Enh|2015-10-26|support certifcate transparency|
|58590|New|Enh|2015-11-05|org.apache.catalina.realm.MemoryRealm can use back|
|58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T|
|59203|New|Enh|2016-03-21|Try to call Thread.interrupt before calling Thread|
|59344|Ver|Enh|2016-04-18|PEM file support for JSSE|
|59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means|
|59901|New|Enh|2016-07-26|Reduce I/O associated with JSP compilation|
|60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an|
|61171|New|Enh|2017-06-09|Add port offset attribute (portOffset?) to Server|
|61683|Inf|Nor|2017-10-27|NullPointerException in ErrorReportValve while exe|
|61692|New|Enh|2017-10-28|CGIServlet should handle additional HTTP methods,|
|61971|New|Enh|2018-01-06|documentation for using tomcat with systemd|

Total 18 bugs
Bug report for Tomcat Modules [2018/01/14]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bugzilla Bug ID|Status|Severity|Date Posted|Description|
|50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen|
|51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho|
|51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods|
|52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o|
|53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe|
|54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int|
|54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang|
|55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ|
|55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di|
|56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p|
|56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio|
|56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr|
|56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =|
|56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue|
|56779|New|Nor|2014-07-28|Allow multiple connection initialization statement|
|56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti|
|56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i|
|56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f|
|56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl|
|56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic|
|56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat|
|56974|New|Nor|2014-09-12|jdbc-pool validation query defaultAutoCommit statu|
|57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem|
|57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e|
|58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti|
|59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source|
|59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect|
|59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec|
|60195|New|Nor|2016-10-02|No javadoc in Maven Central|
|60522|New|Nor|2016-12-27|An option for setting if the transaction should be|
|60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68|
|60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe|
|61032|New|Nor|2017-04-24|min pool size is not being respected|
|61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional|
|61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy|
|61303|New|Enh|2017-07-15|Refactoring of ConnectionPool|

Total 36 bugs
Bug report for Tomcat Connectors [2018/01/14]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bugzilla Bug ID|Status|Severity|Date Posted|Description|
|46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca|
|47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A|
|47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j|
|47795|New|Maj|2009-09-07|service sticky_session not being set correctly wit|
|48564|New|Enh|2010-01-18|Allow to turn off retries for LB worker|
|48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv|
|49063|New|Enh|2010-04-07|Please add JkStripSession status in jk-status work|
|49822|New|Enh|2010-08-25|Add hash lb worker method|
|49903|New|Enh|2010-09-09|Make workers file reloadable|
|52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus|
|53883|New|Maj|2012-09-17|isapi_redirect v 1.2.37 crashes w3wp.exe on the p|
|53977|New|Maj|2012-10-07|32bits isapi connector cannot work in wow64 mode|
|54027|New|Cri|2012-10-18|isapi send request to outside address instead of i|
|54117|New|Maj|2012-11-08|access violation exception in isapi_redirect.dll|
|54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks|
|56489|New|Enh|2014-05-05|Include a directory for configuration files|
|56576|New|Enh|2014-05-29|Websocket support|
|57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce|
|57403|New|Enh|2014-12-30|Persist configuration changes made via status work|
|57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook|
|57790|New|Enh|2015-04-03|Check worker names for typos|
|57946|New|Nor|2015-05-23|Configuration example for mod_jk should be updated|
|58287|New|Nor|2015-08-26|Questionable use of "Global" objects on Windows|
|59897|New|Nor|2016-07-25|Buffer Overflow in FD_SET in nb_connect (jk_connec|
|60240|New|Min|2016-10-11|Duplicate initialization log entry in mod_jk.log|
|60745|New|Nor|2017-02-18|False positive: Somebody try to hack into the site|
|61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value|
|61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t|

Total 28 bugs
Bug report for Taglibs [2018/01/14]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bugzilla Bug ID|Status|Severity|Date Posted|Description|
|38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field|
|38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)|
|42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements|
|46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l|
|48333|New|Enh|2009-12-02|TLD generator|
|57434|New|Nor|2015-01-11|Race condition in EL1.0 validation|
|57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta|
|57684|New|Min|2015-03-10|Version info should be taken from project version|
|59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be|
|59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in|
|61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed|

Total 11 bugs
Bug report for Tomcat 8 [2018/01/14]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bugzilla Bug ID|Status|Severity|Date Posted|Description|
|51497|New|Enh|2011-07-11|Use canonical IPv6 text representation in logs|
|53737|Opn|Enh|2012-08-18|Use ServletContext.getJspConfigDescriptor() in Jas|
|53930|New|Enh|2012-09-24|allow capture of catalina stdout/stderr to a comma|
|54700|New|Enh|2013-03-15|Improvement: Add support for system property to sp|
|54741|New|Enh|2013-03-22|Add org.apache.catalina.startup.Tomcat#addWebapp(S|
|55243|New|Enh|2013-07-11|Add special search string for nested roles|
|55252|New|Enh|2013-07-12|Separate Ant and command-line wrappers for JspC|
|55383|New|Enh|2013-08-07|Improve markup and design of Tomcat's HTML pages|
|9|New|Enh|2013-09-14|UserDatabaseRealm enhacement: may use local JNDI|
|55675|New|Enh|2013-10-18|Checking and handling invalid configuration option|
|55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp|
|55969|New|Enh|2014-01-07|Security-related enhancements to the Windows Insta|
|56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia|
|56361|New|Enh|2014-04-08|org.apache.tomcat.websocket.WsWebSocketContainer#b|
|56398|New|Enh|2014-04-11|Support Arquillian-based unit testing|
|56399|New|Enh|2014-04-11|Re-factor request/response recycling so Coyote and|
|56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components|
|56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S|
|56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi|
|56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.|
|56676|New|Enh|2014-06-26|Normalize access to native library|
|56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap|
|56724|New|Enh|2014-07-15|Restart Container background thread if it died une|
|56890|Inf|Maj|2014-08-26|getRealPath returns null|
|56966|New|Enh|2014-09-11|AccessLogValve's elapsed time has 15ms precision o|
|57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or|
|57287|New|Enh|2014-11-29|Sort files listed by DefaultServlet|
|57421|New|Enh|2015-01-07|Farming default directories|
|57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances|
|57665|New|Enh|2015-03-05|support x-forwarded-host|
|57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio|
|57830|New|Enh|2015-04-18|Add support for ProxyProtocol|
|58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir|
|58072|New|Enh|2015-06-23|ECDH curve selection|
|58433|New|Enh|2015-09-21|RemoteIpValve not activated on redirect from mappi|
|58577|New|Enh|2015-11-03|JMX Proxy Servlet can't handle overloaded methods|
|58837|New|Enh|2016-01-12|support "X-Content-Security-Policy" a.k.a as "CSP"|
|58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context|
|59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI|
|59423|New|Enh|2016-05-03|amend "No LoginModules configured for ..." with hi|
|59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo|
|60281|Ver|Nor|2016-10-20|Pathname of uploaded WAR file should not be contai|
|60511|Inf|Maj|2016-12-22|org.apache.coyote.ajp.AjpNio2Protocol sends wrong|
|60560|New|Enh|2017-01-07|Support systemd/inetd style socket activation|
|60721|Ver|Nor|2017-02-10|Unable to find key spec if more applications use b|
|60781|New|Nor|2017-02-27|Access Log Valve does not escape the same as mod_l|
|60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego|
|61524|Inf|Maj|2017-09-15|NullPointerException in Http11OutputBuffer|
|61632|New|Enh|2017-10-18|Improve search for tcnative-1.dll on Windows when|
|61668|Ver|Min|2017-10-26|Possible NullPointerException in org.apache.coyote|
|61751|Inf|Nor|2017-11-13|NIO2 connector cuts incoming request|
|61877|
Bug report for Tomcat Native [2018/01/14]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bugzilla Bug ID|Status|Severity|Date Posted|Description|
|53940|New|Enh|2012-09-27|Added support for new CRL loading after expiration|
|56378|New|Nor|2014-04-09|Cert load fails if cert is located in path with no|
|57815|New|Enh|2015-04-15|Improve error message when OpenSSL does not suppor|
|58194|Inf|Maj|2015-07-30|Tomcat crash EXCEPTION_ACCESS_VIOLATION in tcnativ|
|59286|New|Nor|2016-04-07|Socket binding failures when using APR|

Total 5 bugs
[Bug 61977] JNDIRealm with SPNEGO, GSSAPI and SRV record fails to find LDAP SPN due to training sname period
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977

--- Comment #10 from marian.romasc...@nuance.com ---
One more thing observed in the trace - with the combined realm the DNS requests for the SRV records _ltap._tcp.testdomain1.example.org and _ldap._tcp.testdomain2.example.org are done at the very beginning, when the 2 JNDIRealm are initialized, before any SSO request.
[Bug 61977] JNDIRealm with SPNEGO, GSSAPI and SRV record fails to find LDAP SPN due to training sname period
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977

--- Comment #9 from marian.romasc...@nuance.com ---
A bit too quick in crying victory.

Here is the scenario:
- using CombinedRealm with 2 JNDIRealm
  * 1 on testdomain1.example.org
  * 1 on testdomain2.example.org
- using the ldap:/// construct for the connectionURL in each JNDIRealm
- having different userBase and roleBase in each of the JNDIRealm, like below

    userBase="OU=ouUserBase1,DC=testdomain1,DC=example,DC=org"
    roleBase="OU=ouRoleBase1,DC=testdomain1,DC=example,DC=org"

    userBase="OU=ouUserBase2,DC=testdomain2,DC=example,DC=org"
    roleBase="OU=ouRoleBase2,DC=testdomain2,DC=example,DC=org"

- using a Kerberos SSO config (securityConstraints based on the userBase/roleBase above)

Here are the issues observed so far:

1) with the patch the userBase and roleBase above result in LDAP searches with the domain part in double, e.g.:

    "OU=ouUserBase1,DC=testdomain1,DC=example,DC=org,DC=testdomain1,DC=example,DC=org"

I had to remove the domain parts to move on and make it partially working (see issue #2)

    userBase="OU=ouUserBase1"
    roleBase="OU=ouRoleBase1"

    userBase="OU=ouUserBase2"
    roleBase="OU=ouRoleBase2"

2) With the above "hack" the first TGS-REQ trying to get an LDAP SPN will be OK w/o a trailing dot in the sname. However, the 2nd TGS-REQ (for the other sub-domain) will come with the trailing dot. Does not matter the order - the 1st can be for testdomain1 or testdomain2, it will work. The 2nd SSO attempt for the other subdomain, as visible in the Wireshark trace, will produce a TGS-REQ with a ldap SPN sname with a trailing dot.

Thanks in advance for looking at what might cause the 2 issues above.
[Bug 61977] JNDIRealm with SPNEGO, GSSAPI and SRV record fails to find LDAP SPN due to training sname period
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977

--- Comment #8 from marian.romasc...@nuance.com ---
Finally incorporated the patches in the JNDIRealm.java for Tomcat 8.5.20 (checkout from asf repo) and tested in a "crude" way by simply replacing the JNDIRealm classes in catalina.jar. The trailing dot is gone and the SPN resolution works.

Thanks.
[Bug 61977] JNDIRealm with SPNEGO, GSSAPI and SRV record fails to find LDAP SPN due to training sname period
https://bz.apache.org/bugzilla/show_bug.cgi?id=61977

--- Comment #7 from marian.romasc...@nuance.com ---
Hi. Cannot find in the 8.5 trunk or tags the rev. 1820700.
https://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm

Trying to match the patch with the 8.5 JNDIRealm - I presume it starts at the end of "DirContext open()" just before the return. Please confirm.
[Tomcat Wiki] Update of "tools/SSLUtils.java" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "tools/SSLUtils.java" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/tools/SSLUtils.java?action=diff&rev1=2&rev2=3 Comment: Replace source file with link to GitHub repository. + This utility has been replaced by a project on GitHub: + https://github.com/ChristopherSchultz/ssltest - {{{ - /* - * SSLUtils.java - * - * Contains useful SSL/TLS methods. - * - * Copyright (c) 2015 Christopher Schultz - * - * Christopher Schultz licenses this file to You under the Apache License, - * Version 2.0 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. 
- */ - import java.io.File; - import java.io.FileInputStream; - import java.io.IOException; - import java.io.InputStream; - import java.net.InetAddress; - import java.net.ServerSocket; - import java.net.Socket; - import java.net.UnknownHostException; - import java.security.InvalidAlgorithmParameterException; - import java.security.KeyManagementException; - import java.security.KeyStore; - import java.security.KeyStoreException; - import java.security.NoSuchAlgorithmException; - import java.security.NoSuchProviderException; - import java.security.SecureRandom; - import java.security.cert.CRL; - import java.security.cert.CRLException; - import java.security.cert.CertPathParameters; - import java.security.cert.CertStore; - import java.security.cert.CertStoreParameters; - import java.security.cert.CertificateException; - import java.security.cert.CertificateFactory; - import java.security.cert.CollectionCertStoreParameters; - import java.security.cert.PKIXBuilderParameters; - import java.security.cert.X509CertSelector; - import java.security.cert.X509Certificate; - import java.util.Collection; - import javax.net.ssl.CertPathTrustManagerParameters; - import javax.net.ssl.HostnameVerifier; - import javax.net.ssl.HttpsURLConnection; - import javax.net.ssl.ManagerFactoryParameters; - import javax.net.ssl.SSLContext; - import javax.net.ssl.SSLServerSocket; - import javax.net.ssl.SSLServerSocketFactory; - import javax.net.ssl.SSLSession; - import javax.net.ssl.SSLSocket; - import javax.net.ssl.SSLSocketFactory; - import javax.net.ssl.TrustManager; - import javax.net.ssl.TrustManagerFactory; - import javax.net.ssl.X509TrustManager; - - /** - * Lots of useful SSL-related goodies. - * - * @author Christopher Schultz - * @author Apache Software Foundation (some code adapted/lifted from Apache Tomcat). 
- */ - public class SSLUtils - { - public static void disableSSLHostnameVerification() - { - HostnameVerifier verifyEverything = new HostnameVerifier() { - public boolean verify(String hostname, SSLSession session) - { - return true; - } - }; - - HttpsURLConnection.setDefaultHostnameVerifier(verifyEverything); - } - - private static final TrustManager[] trustAllCerts = new TrustManager[] { - new X509TrustManager() { - public X509Certificate[] getAcceptedIssuers() { - return null; - } - public void checkClientTrusted(X509Certificate[] certs, -String authType) { - // Trust all clients - } - public void checkServerTrusted(X509Certificate[] certs, -String authType) { - // Trust all servers - } - } - }; - - public static TrustManager[] getTrustAllCertsTrustManagers() - { - return trustAllCerts.clone(); - } - - /** - * Configures SSLSocketFactory for Java's HttpsURLConnection. - */ - public static void configureHttpsURLConnection(String protocol, -String[] sslEnabledProtocols, -String[] sslCipherSuites, -SecureRandom random, -TrustManager[] tms) - throws NoSuchAlgorithmException, KeyManagementException - { - HttpsURLConnection.setDefaultSSLSocketFactory(getSSLSocketFactory(protocol, - sslEnabledProtocols, -
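Review bot: The two added lines point at the root of https://github.com/ChristopherSchultz/ssltest with no tag, commit or file path, so a reader who copied the wiki listing has no way to tell which revision of the repository corresponds to it. Consider linking to a specific release or commit and naming the file that supersedes SSLUtils.java. The removed listing also carried the Apache License 2.0 header and the note that some code was adapted from Apache Tomcat; a one-line license mention next to the link would keep that visible on the wiki page.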
[Tomcat Wiki] Update of "tools/SSLTest.java" by ChristopherSchultz
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "tools/SSLTest.java" page has been changed by ChristopherSchultz: https://wiki.apache.org/tomcat/tools/SSLTest.java?action=diff&rev1=4&rev2=5 Comment: Replace source file with link to GitHub repository. + This utility has been replaced by a project on GitHub: + https://github.com/ChristopherSchultz/ssltest - {{{ - /* - * SSLTest.java - * - * Tests servers for SSL/TLS protocol and cipher support. - * - * Copyright (c) 2015 Christopher Schultz - * - * Christopher Schultz licenses this file to You under the Apache License, - * Version 2.0 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - // Note this class requires [[SSLUtils.java]] - import java.io.IOException; - import java.net.InetSocketAddress; - import java.net.Socket; - import java.net.SocketTimeoutException; - import java.security.NoSuchAlgorithmException; - import java.security.Provider; - import java.security.SecureRandom; - import java.security.Security; - import java.security.cert.Certificate; - import java.security.cert.X509Certificate; - import java.util.ArrayList; - import java.util.Arrays; - import java.util.Collections; - import java.util.HashSet; - import java.util.List; - import java.util.Map.Entry; - import javax.net.ssl.SSLContext; - import javax.net.ssl.SSLSocket; - import javax.net.ssl.SSLSocketFactory; - import javax.net.ssl.TrustManager; - - /** - * A driver class to test a server's SSL/TLS support. 
- * - * Usage: java SSLTest [opts] host[:port] - * - * Try "java SSLTest -h" for help. - * - * This tester will attempts to handshake with the target host with all - * available protocols and ciphers and report which ones were accepted and - * which were rejected. An HTTP connection is never fully made, so these - * connections should not flood the host's access log with entries. - * - * @author Christopher Schultz - */ - public class SSLTest - { - public static void usage() - { - System.out.println("Usage: java " + SSLTest.class + " [opts] host[:port]"); - System.out.println(); - System.out.println("-sslprotocol Sets the SSL/TLS protocol to be used (e.g. SSL, TLS, SSLv3, TLSv1.2, etc.)"); - System.out.println("-enabledprotocols protocols Sets individual SSL/TLS ptotocols that should be enabled"); - System.out.println("-ciphers cipherspec A comma-separated list of SSL/TLS ciphers"); - - System.out.println("-truststore Sets the trust store for connections"); - System.out.println("-truststoretype type Sets the type for the trust store"); - System.out.println("-truststorepassword pass Sets the password for the trust store"); - System.out.println("-truststorealgorithm alg Sets the algorithm for the trust store"); - System.out.println("-truststoreprovider provider Sets the crypto provider for the trust store"); - - System.out.println("-no-check-certificateIgnores certificate errors"); - System.out.println("-no-verify-hostname Ignores hostname mismatches"); - - System.out.println("-h -help --help Shows this help message"); - } - - public static void main(String[] args) - throws Exception - { - int connectTimeout = 0; // default = infinite - int readTimeout = 1000; - - boolean disableHostnameVerification = true; - boolean disableCertificateChecking = true; - - String trustStoreFilename = System.getProperty("javax.net.ssl.trustStore"); - String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); - String trustStoreType = 
System.getProperty("javax.net.ssl.trustStoreType"); - String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider"); - String trustStoreAlgorithm = null; - String sslProtocol = "TLS"; - String[] sslEnabledProtocols = new String[] { "SSLv2", "SSLv2hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" }; - String[] sslCipherSuites = null; // Default = default for protocol - String crlFilename = null; - boolean showCerts = false; - - if(args.length < 1) - { - usage(); - System.exit(0); - } - - int argIndex; - for(argIndex = 0; argIndex < args.length; ++argIndex) - {
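Review bot: The removed listing carried the comment "// Note this class requires [[SSLUtils.java]]" and the usage line "Usage: java SSLTest [opts] host[:port]", and the replacement text drops both, leaving this page with the same single sentence as the tools/SSLUtils.java page. Consider keeping the one-line description ("Tests servers for SSL/TLS protocol and cipher support.") and the usage line beside the link, so the page still says what the utility does and how it is invoked.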