RE: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?
> I don't think that will work because you can't read the key out of the > keystore. The keystore API has the getKey(alias,keypass) method that should give you the key. copying the entry could be: KeyStore newks = KeyStore.getInstance("JKS"); newks.load(null, null); newks.setKeyEntry(alias, ks.getKey(alias, keypass), keypass, ks.getCertificateChain(alias)); hth, Frank
RE: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?
Hi Thomas, > By far the simplest solution is to have one keystore per private key. so maybe this could go into the docs section. > I find the JSSE API tricky to navigate at the best of times so it is possible > I have missed something. If I have, feel free to point me in the right > direction. Better yet, provide some code that shows how to use > KeyManagerFactory with a keystore that has multiple keys each with a different > password. yes, i also wondered on the API of KMF having only one password on the init method. Could creating a runtime inmemory keystore with the keyentry from the original keystore help? thanks, Frank
RE: Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?
Hi Christopher, > > # create 2 entries with different keypass for each entry keytool > > -genkeypair -alias tomcat1 -storepass storepass -keystore > > different.jks -keyalg RSA -keypass tomcat1 -ext san=dns:tomcat1 > > -dname CN=tomcat1 keytool -genkeypair -alias tomcat2 -storepass > > storepass -keystore different.jks -keyalg RSA -keypass tomcat2 -ext > > san=dns:tomcat2 -dname CN=tomcat2 > > What is the password for the keystore itself? my password for the keystore has the value storepass. > > > setup a SSL Connector to use that keystore: > > > > > secure="true" SSLEnabled="true" > >> > > > ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA" > > protocols="all"> > > > > > certificateKeystoreFile="different.jks" > > certificateKeystorePassword="storepass" > > certificateKeyAlias="tomcat2" certificateKeystoreType="JKS" > > certificateKeyPassword="tomcat2" type="RSA" /> > > ... and why don't you have the keystore password set, here? Or did you just > use "changeit"? in the attribute certificateKeystorePassword i'm using the value storepass. IMHO the password is given. Frank
Tomcat 8.5.16 - can't use Java keystore with multiple entries having different keypass for each entry?
Hi all, while playing with some ssl setups i stumbled upon the following behaviour that seems like bug to me ? As long as all keyentries in a keystore have the same password all is fine. Using entries with different password tomcat doesnt startup. For testing: At first create 2 different keystores (same.jks and different.jks) having each 2 entries: # create 2 entries with same keypass for each entry keytool -genkeypair -alias tomcat1 -storepass storepass -keystore same.jks -keyalg RSA -keypass keypass -ext san=dns:tomcat1 -dname CN=tomcat1 keytool -genkeypair -alias tomcat2 -storepass storepass -keystore same.jks -keyalg RSA -keypass keypass -ext san=dns:tomcat2 -dname CN=tomcat2 # create 2 entries with different keypass for each entry keytool -genkeypair -alias tomcat1 -storepass storepass -keystore different.jks -keyalg RSA -keypass tomcat1 -ext san=dns:tomcat1 -dname CN=tomcat1 keytool -genkeypair -alias tomcat2 -storepass storepass -keystore different.jks -keyalg RSA -keypass tomcat2 -ext san=dns:tomcat2 -dname CN=tomcat2 setup a SSL Connector to use that keystore: using the config snippet tomcat fails on startup with the following excpetion: java.lang.IllegalArgumentException: java.security.UnrecoverableKeyException: Cannot recover key at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:982) at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:244) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:620) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66) at org.apache.catalina.connector.Connector.initInternal(Connector.java:997) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.startup.Catalina.load(Catalina.java:607) at org.apache.catalina.startup.Catalina.load(Catalina.java:630) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494) Caused by: java.security.UnrecoverableKeyException: Cannot recover key at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146) at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70) at java.security.KeyStore.getKey(KeyStore.java:1023) at sun.security.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:133) at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70) at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256) at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:216) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112) ... 20 more - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: InvocationTargetException on startup after upgrade to 8.5.13
>I can't reproduce this. It may be configuration related. Please provide the >steps minimal to reproduce this from a clean 8.5.14 install. http://www.glesir.de/~frank/tomcat-startup.zip Sample CATALINA_BASE structure with a prebuilt webapp. To run it you have to adjust the contained runcatalina.bat to point CATALINA_HOME to a clean 8.5.14. On startup you should see the errors mentioned. nevertheless you can invoke https://localhost/test/metrics inside is mvn-tomcat-test.zip that contains the webapp as an mvn project. hope this helps to dig further into it, Frank - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: InvocationTargetException on startup after upgrade to 8.5.13
>Fixed in 9.0.x and 8.5.x for the next release of each. > after upgrading to 8.5.14 the issue still occurs: INFO: Starting Servlet Engine: Apache Tomcat/8.5.14 Apr 25, 2017 1:57:21 AM org.apache.tomcat.util.IntrospectionUtils getProperty WARNING: IntrospectionUtils: InvocationTargetException for class org.apache.coyote.http11.Http11NioProtocol ciphers) java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:196) at org.apache.catalina.connector.Connector.getProperty(Connector.java:272) at sun.reflect.GeneratedMethodAccessor53.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:211) at org.apache.catalina.mbeans.ConnectorMBean.getAttribute(ConnectorMBean.java:88) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(DefaultMBeanServerInterceptor.java:647) at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(JmxMBeanServer.java:678) at io.prometheus.jmx.JmxScraper.scrapeBean(JmxScraper.java:138) at io.prometheus.jmx.JmxScraper.doScrape(JmxScraper.java:107) at io.prometheus.jmx.JmxCollector.collect(JmxCollector.java:320) at io.prometheus.client.CollectorRegistry.collectorNames(CollectorRegistry.java:99) at io.prometheus.client.CollectorRegistry.register(CollectorRegistry.java:50) at io.prometheus.client.Collector.register(Collector.java:128) at io.prometheus.client.Collector.register(Collector.java:121) at de.ifbus.intergator.metrics.JMXMetrics.register(JMXMetrics.java:33) at de.ifbus.intergator.servlet.MetricsModule.configureServlets(MetricsModule.java:34) at com.google.inject.servlet.ServletModule.configure(ServletModule.java:55) at com.google.inject.AbstractModule.configure(AbstractModule.java:62) at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340) at com.google.inject.spi.Elements.getElements(Elements.java:110) at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138) at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104) at com.google.inject.Guice.createInjector(Guice.java:99) at com.google.inject.Guice.createInjector(Guice.java:73) at com.google.inject.Guice.createInjector(Guice.java:62) at de.ifbus.intergator.servlet.AppServletContextListener.getInjector(AppServletContextListener.java:18) at com.google.inject.servlet.GuiceServletContextListener.contextInitialized(GuiceServletContextListener.java:47) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4745) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5207) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1419) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: java.lang.NullPointerException at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:215) at org.apache.coyote.http11.AbstractHttp11Protocol.registerDefaultSSLHostConfig(AbstractHttp11Protocol.java:439) at org.apache.coyote.http11.AbstractHttp11Protocol.getCiphers(AbstractHttp11Protocol.java:566) ... 42 more Caused by: java.lang.IllegalArgumentException: java.lang.NullPointerException at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:213) ... 44 more Caused by: java.lang.NullPointerException at java.io.FileInputStream.(FileInputStream.java:130) at java.io.FileInputStream.(FileInputStream.java:93) at java.io.FileReader.(FileReader.java:58) at org.apache.tomcat.util.net.jsse.PEMFile.(PEMFile.java:74) at
RE: InvocationTargetException on startup after upgrade to 8.5.13
hmm my SSL Config didn't change and is part of an CI system that worked with each of the 8.5.X versions until the latest. but will cross check. As the exception occurs during the processing of some JMX beans, i thought that it's somewhere related to #60853 that now exposes the SSLHostConfig and SSLHostConfigCertificate objects via JMX. Frank -Original Message- From: Rémy Maucherat [mailto:r...@apache.org] Sent: Monday, April 03, 2017 11:10 AM To: Tomcat Users List Subject: Re: InvocationTargetException on startup after upgrade to 8.5.13 2017-04-03 10:51 GMT+02:00 Frank Taffelt < frank.taff...@interface-projects.de>: > after upgrading from 8.5.12 to 8.5.13 the following exception is > thrown on startup. > > Caused by: java.lang.NullPointerException > at java.io.FileInputStream.(FileInputStream.java:130) > at java.io.FileInputStream.(FileInputStream.java:93) > at java.io.FileReader.(FileReader.java:58) > at org.apache.tomcat.util.net.jsse.PEMFile.(PEMFile.java:74) > at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers( > JSSEUtil.java:193) > at org.apache.tomcat.util.net.openssl.OpenSSLUtil. > getKeyManagers(OpenSSLUtil.java:79) > at org.apache.tomcat.util.net.AbstractJsseEndpoint. > createSSLContext(AbstractJsseEndpoint.java:112) > ... 45 more > > as my app is running normally this seems more like a minor issue ? > > There is no relevant changes in 8.5.13, and your SSL configuration is probably invalid. Rémy
InvocationTargetException on startup after upgrade to 8.5.13
after upgrading from 8.5.12 to 8.5.13 the following exception is thrown on startup. WARNING: IntrospectionUtils: InvocationTargetException for class org.apache.coyote.http11.Http11NioProtocol ciphers) java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:196) at org.apache.catalina.connector.Connector.getProperty(Connector.java:272) at sun.reflect.GeneratedMethodAccessor53.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:211) at org.apache.catalina.mbeans.ConnectorMBean.getAttribute(ConnectorMBean.java:88) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(DefaultMBeanServerInterceptor.java:647) at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(JmxMBeanServer.java:678) at io.prometheus.jmx.JmxScraper.scrapeBean(JmxScraper.java:138) at io.prometheus.jmx.JmxScraper.doScrape(JmxScraper.java:107) at io.prometheus.jmx.JmxCollector.collect(JmxCollector.java:320) at io.prometheus.client.CollectorRegistry.collectorNames(CollectorRegistry.java:99) at io.prometheus.client.CollectorRegistry.register(CollectorRegistry.java:50) at io.prometheus.client.Collector.register(Collector.java:128) at io.prometheus.client.Collector.register(Collector.java:121) at de.ifbus.intergator.metrics.JMXMetrics.register(JMXMetrics.java:33) at de.ifbus.intergator.servlet.MetricsModule.configureServlets(MetricsModule.java:34) at com.google.inject.servlet.ServletModule.configure(ServletModule.java:55) at com.google.inject.AbstractModule.configure(AbstractModule.java:62) at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340) at com.google.inject.spi.Elements.getElements(Elements.java:110) at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138) at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104) at com.google.inject.Guice.createInjector(Guice.java:99) at com.google.inject.Guice.createInjector(Guice.java:73) at com.google.inject.Guice.createInjector(Guice.java:62) at de.ifbus.intergator.servlet.AppServletContextListener.getInjector(AppServletContextListener.java:18) at com.google.inject.servlet.GuiceServletContextListener.contextInitialized(GuiceServletContextListener.java:47) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4745) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5207) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1419) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: java.lang.NullPointerException at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:215) at org.apache.coyote.http11.AbstractHttp11Protocol.registerDefaultSSLHostConfig(AbstractHttp11Protocol.java:439) at org.apache.coyote.http11.AbstractHttp11Protocol.getCiphers(AbstractHttp11Protocol.java:566) ... 42 more Caused by: java.lang.IllegalArgumentException: java.lang.NullPointerException at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:213) ... 44 more Caused by: java.lang.NullPointerException at java.io.FileInputStream.(FileInputStream.java:130) at java.io.FileInputStream.(FileInputStream.java:93) at java.io.FileReader.(FileReader.java:58) at org.apache.tomcat.util.net.jsse.PEMFile.(PEMFile.java:74) at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:193) at
RE: AW: wrong request.getServerPort value reported on upgraded HTTP/2 connector ?
that was fast. thanks. Frank -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, June 29, 2016 3:41 PM To: Tomcat Users List Subject: Re: AW: wrong request.getServerPort value reported on upgraded HTTP/2 connector ? On 29/06/2016 09:49, Mark Thomas wrote: > On 29/06/2016 07:50, Frank Taffelt wrote: >> i have no other connectors than the one on port 443. > > I can reproduce this. I'll look at getting this fixed for the next release. Fixed. The fix will be in 9.0.0.M9 onwards and 8.5.4 onwards. Mark > > Mark > > >> >> -Ursprüngliche Nachricht- >> Von: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Gesendet: Dienstag, 28. Juni 2016 17:56 >> An: Tomcat Users List >> Betreff: Re: wrong request.getServerPort value reported on upgraded HTTP/2 >> connector ? >> >> Frank, >> >> On 6/28/16 11:02 AM, Frank Taffelt wrote: >>> Calling the method request.getServerPort() returns 80 on http/2 >>> upgraded requests for the https connector. I would expect that this >>> method should return 443 in these calls. My current workarround is >>> to disable the APR Listener as this results in correct value for the >>> https connector. So is this a bug? >> >> Definitely seems like a bug. You have no other connectors defined other than >> the one on port 443? >> >> -chris >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: wrong request.getServerPort value reported on upgraded HTTP/2 connector ?
i have no other connectors than the one on port 443. -Ursprüngliche Nachricht- Von: Christopher Schultz [mailto:ch...@christopherschultz.net] Gesendet: Dienstag, 28. Juni 2016 17:56 An: Tomcat Users List Betreff: Re: wrong request.getServerPort value reported on upgraded HTTP/2 connector ? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Frank, On 6/28/16 11:02 AM, Frank Taffelt wrote: > Calling the method request.getServerPort() returns 80 on http/2 > upgraded requests for the https connector. I would expect that this > method should return 443 in these calls. My current workarround is to > disable the APR Listener as this results in correct value for the > https connector. So is this a bug? Definitely seems like a bug. You have no other connectors defined other than the one on port 443? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXcp4aAAoJEBzwKT+lPKRYfwgP/isAFGcsIB0XcgY/SCzVYdas WO0gBJmDl8IiDG7ALYQ+XZqvCaZZbQRvLZ5se6gx9UGbnpKqTV27j51kSEKb9txE sat8y7JmYlwrnTrxu6vDgPYHODYs+tI7ilYC02YSBth9v9E6I14egEV7bEv5H0F4 zYavdyO8jUFDFnv/tqllPfu0vm58BSHZnGHJcnSLU3hqijJOcS1edEq+jzj/xAJr GtMi8ehI2RMSGq5nizl5Yc3zuc3jlsvilpPSc3ygqJfNltKBKDnNivUPWONF4ozS Ibl6o1Rs8hs132xZka1OPI3+BlTc9HkQgHU3jvrQlfkWzNjv6ogM6Q5B76Jgv65T li65XFLmw9x6SdUWn93S4FIQIJs/rYoJyX53ZwSlHiONFZh2C4KlDCzQPJ6iMt5z UdQeUHCHZ2xZURmScSpVAOkyGog6V84kHtaDVPgD8+umNBqA+ujy7abDb6ZdKDuC Yke6RssFatQmWBGJkp3JORPOIq1C1sNh64Gd1hz8U17kHK0zmffYis5aqeFPxUxr 2jEz1VAbsZULDclpWi2JW4TKezVrOykmQ4Dmgz//OOKeXW1XCwtaigK/c3XSv95D cm3tpaGUsdhLUM75YaK/H1sLKwVyav6rubYrXWmKvTOPgO4sd3DlXFbW5T7NT+CR ikuriVBWliBg8rb61KlH =b+VE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
wrong request.getServerPort value reported on upgraded HTTP/2 connector ?
Calling the method request.getServerPort() returns 80 on http/2 upgraded requests for the https connector. I would expect that this method should return 443 in these calls. My current workarround is to disable the APR Listener as this results in correct value for the https connector. So is this a bug? so here is my config: Tomcat: 8.5.3 OS: Win7 (64bit) tcnative: 1.2.7 Java Version: 1.8.0_92-b14 parts from my server.xml: * active APR Listener * connector: Thanks, Frank