RE: Tomcat SSL - Issue

2021-09-28 Thread Kumawat, Priyanka
Hello Christopher/Niranjan,

Thankyou very much for the below information !!!
The issue was with the Java version , we needs to upgrade the java version 
inorder to install the cert .
Thankyou again for your support !!!.

Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology


-Original Message-
From: Christopher Schultz 
Sent: 22 September 2021 02:53
To: users@tomcat.apache.org
Subject: Re: Tomcat SSL - Issue

Priyanka,

On 9/21/21 13:52, Kumawat, Priyanka wrote:
> Hello Team ,
>
> Please find the error details as below -
>
> The site can't provide a secure connection .
>
> xmotam01.phl.com uses an unsupported protocol
>
> ERR_SSL_VERSION or CIPHER MISMATCH
>
> Unsupported protocol - The client and server don;t support a common
> protocol version.

Many versions of Java 1.7 do not support TLSv1.2. Try running this tool under 
your Java 1.7 environment for some good information:

https://clicktime.symantec.com/3Sz9L481YBNoQcbTNkoLGRP7Vc?u=https%3A%2F%2Fgithub.com%2FChristopherSchultz%2Fssltest

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



DXC Technology Company -- This message is transmitted to you by or on behalf of 
DXC Technology Company or one of its affiliates. It is intended exclusively for 
the addressee. The substance of this message, along with any attachments, may 
contain proprietary, confidential or privileged information or information that 
is otherwise legally exempt from disclosure. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended recipient 
of this message, you are not authorized to read, print, retain, copy or 
disseminate any part of this message. If you have received this message in 
error, please destroy and delete all copies and notify the sender by return 
e-mail. Regardless of content, this e-mail shall not operate to bind DXC 
Technology Company or any of its affiliates to any order or other contract 
unless pursuant to explicit written agreement or government initiative 
expressly permitting the use of e-mail for such purpose.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



AW: Getting SSLPeerUnverifiedException , when using httpclient-4.5.13

2021-09-28 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello,

it looks like the SAN field of your certificate only contains the IP-address 
10.106.206.143 but not the domain name parthise2.cisco.com.

Chrome already switched in 2017 from the field "common name" to the field 
"subject alternative name",
E.g. 
https://security.stackexchange.com/questions/172626/chrome-requires-san-names-in-certificate-when-will-other-browsers-ie-follow

Best is to get a new certificate with a SAN field containing the domain name.

Greetings,
Thomas

-Ursprüngliche Nachricht-
Von: Parth Parikh -X (parparik - WIPRO LIMITED at Cisco) 
 
Gesendet: Dienstag, 28. September 2021 13:49
An: users@tomcat.apache.org
Betreff: Getting SSLPeerUnverifiedException , when using httpclient-4.5.13

Hi,

I am getting below exception error , when using httpclient-4.5.13 jar ,

javax.net.ssl.SSLPeerUnverifiedException: Certificate for  
doesn't match any of the subject alternative names: [10.106.206.143]
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at 
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at 
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at 
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at 
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at 
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
   at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at 
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at 
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at 
com.cisco.cpm.infrastructure.softwareupdates.http.HttpExecutor.executeGet(HttpExecutor.java:194)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.remoteServerStatus(CpmPatchUtil.java:1003)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.listPatchesFromAllNodes(CpmPatchUtil.java:551)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchManagement.getInstalledPatches(CpmPatchManagement.java:90)
at 
com.cisco.cpm.admin.infra.action.PatchInstallAction.loadGridData(PatchInstallAction.java:377)

when I changed httpclient jar file from httpclient-4.5.13 to httpclient-4.4 . 
There is no exception error and code just works fine.

Is there any better solution for this error? Will downgrading the version 
impact my application? Please guide me

Thanks and Regards,
Parth Parikh


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Getting SSLPeerUnverifiedException , when using httpclient-4.5.13

2021-09-28 Thread Parth Parikh -X (parparik - WIPRO LIMITED at Cisco)
Hi,

I am getting below exception error , when using httpclient-4.5.13 jar ,

javax.net.ssl.SSLPeerUnverifiedException: Certificate for  
doesn't match any of the subject alternative names: [10.106.206.143]
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at 
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at 
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at 
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at 
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at 
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
   at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at 
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at 
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at 
com.cisco.cpm.infrastructure.softwareupdates.http.HttpExecutor.executeGet(HttpExecutor.java:194)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.remoteServerStatus(CpmPatchUtil.java:1003)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.listPatchesFromAllNodes(CpmPatchUtil.java:551)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchManagement.getInstalledPatches(CpmPatchManagement.java:90)
at 
com.cisco.cpm.admin.infra.action.PatchInstallAction.loadGridData(PatchInstallAction.java:377)

when I changed httpclient jar file from httpclient-4.5.13 to httpclient-4.4 . 
There is no exception error and code just works fine.

Is there any better solution for this error? Will downgrading the version 
impact my application? Please guide me

Thanks and Regards,
Parth Parikh



manager best practice

2021-09-28 Thread Greg Huber

Hello,

Are there any best practice notes for the manager app?

eg, if include the app in webapps I get a context on my site, do I 
create a long name for the folder (the url) to hide it?


eg folder called reallylongmanager1234567890

so I get http://xxx.site/reallylongmanager1234567890

Or is there a better way?

Cheers Greg


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 9.0 async read becomes blocking with chunked transfer-encoding

2021-09-28 Thread Javateck
Mark,

Thank you very much for the quick fix

Andrew

> On Sep 27, 2021, at 8:54 AM, Mark Thomas  wrote:
> 
> On 27/09/2021 15:55, Mark Thomas wrote:
>>> On 27/09/2021 09:08, Goldengate liu wrote:
>>> Hi Mark,
>>> 
>>>I’m uploading some test files
>> Thanks for the test case. I'm looking at this now.
> 
> Bug found and fixed.
> 
> One thing to note is that with chunked encoding it is possible for you to see 
> isReady() return true only for the subsequent read to return 0 bytes. This 
> happens when just (or only part of) the chunked header is available.
> 
> The sample code you provided handled this correctly.
> 
> The fix will be in the October release round. The release process for that 
> should hopefully start later today.
> 
> Mark
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org