[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-09-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 Mark Thomas changed:
What | Removed | Added
Status | NEW | RESOLVED
Resolution | --- |

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-09-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #12 from Mark Thomas --- comment #10 looks like the renegotiation issues that were fixed in 1.2.13. I can't reproduce the issue. I've tested this with 1.2.14 and various combinations and all now behave as expected. Once 1.2.14 is

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #11 from matej.spil...@gmail.com --- Created attachment 35228 --> https://bz.apache.org/bugzilla/attachment.cgi?id=35228&action=edit screenshot of a chrome ssl protocol error -- You are receiving this mail because: You are the ass

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #10 from matej.spil...@gmail.com --- I am unable to debug the exact SSL error but I too have a problem with OpenSSL & NIO (or NIO2) when I have truststoreFile setup. As soon as I enable certificateVerification I start getting SSL er

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #9 from Rainer Jung --- I applied the patch, wrapping the new native call in a check for a UnsatisfiedLinkError to not break compatibility with older tcnative. I also added one new test and checks to existing tests to detect, wheth

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #8 from Rainer Jung --- The patch is based on the native extension committed in r1804622. Please also note a related fix I noticed when looking at that part of the code (r1804595). I started some testing for the attached patch and

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #7 from Rainer Jung --- Created attachment 35210 --> https://bz.apache.org/bugzilla/attachment.cgi?id=35210&action=edit TC trunk support adding client CA list from trust managers

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #6 from Mark Thomas --- Currently no trusted certs means trust all. I don't see a reason to change that.

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #5 from George Stanchev --- I don't mean to derail the discussion but we implement a trust-all manager that gets injected from the connector attributes: public class AnyCertX509TrustManager implements X509TrustManager { public

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #4 from Mark Thomas --- Yes, this is JSSE style config only. Yes, I was thinking along the lines you describe. Regarding the custom trust manager, what I think Tomcat needs to do is replicate what JSSE does which is: - iterate thr

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-09 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #3 from Rainer Jung --- OK, so the problem is only occurring if JSSE style config is used? And the attempt would be to read CA certs from the configured truststore, pass them as raw data to a new method setCACertificateRaw(), whose

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #2 from Mark Thomas --- I don't think we are calling that method when we are using JSSE config with the OpenSSL engine. I think we need the equivalent of the call to setCertificateRaw for the trusted certs.

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 --- Comment #1 from Rainer Jung --- The OpenSSL call for this should be SSL_CTX_set_client_CA_list() (at least mod_ssl in Apache httpd uses it). We already wired that functionality in tcnative, file native/src/sslcontext.c, function setCACerti

[Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent

2017-08-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394 Mark Thomas changed: What|Removed |Added Summary|NIO/NIO2 + OpenSSL |NIO/NIO2 + OpenSSL |re