Bug report #404 has just been filed.

You can view the report at the following URL:

   <http://znutar.cortexity.com/BugRatViewer/ShowReport/404>

REPORT #404 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: medium
Severity: serious
Confidence: public
Environment: 
   Release: 3.2 b7
   JVM Release: 1.3
   Operating System: Win32
   OS Release: Windows 2000 SP1
   Platform: x86

Synopsis: 
addSecureEndpoint in EmbededTomcat does not work.

Description:
When I looked at the code I saw that the parameters keyFile and keyPass were not being 
used at all.  This probably means that addSecureEndpoint ALWAYS uses the default 
values of "{user.home}/.keystore" and "changeit".  This is VERY bad since developers 
might not notice this until too late (if they have the keystore file set up like 
described in server.xml to begin with and then change it later on to use a specified 
keystore and password, then they start using EmbededTomcat... they may not notice that 
it's using the wrong keystore... I know... far fetched... but still).

Another problem with addSecureEndpoint was that it didn't support client 
authentication.  This is simply due to the fact that EmbededTomcat was developed prior 
to client authentication support in Tomcat.
Submitter: Stefan Freyr Stefansson ( [EMAIL PROTECTED] )
Date Submitted: Nov 17 2000, 06:08:18 CST
Responsible: Z_Tomcat Alias ( [EMAIL PROTECTED] )

Workaround:
null
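
A check a deployer can run against an endpoint started with addSecureEndpoint, to confirm that the certificate it serves comes from the keystore passed as keyFile rather than from the default keystore. This is an added example, not code from the report or from Tomcat; the class name KeystoreCheck and its command-line arguments are assumptions, and it is written for a current JDK rather than the 1.3 JVM named in the report.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

// Added diagnostic, not Tomcat code. All argument values are supplied by the caller:
//   java KeystoreCheck <host> <port> <keyFile> <keyPass> <alias>
public class KeystoreCheck {
    // Certificate stored under the alias in the keystore the caller intended to use.
    static Certificate intended(String keyFile, char[] keyPass, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyFile)) {
            ks.load(in, keyPass);
        }
        Certificate c = ks.getCertificate(alias);
        if (c == null) throw new IllegalArgumentException("no certificate under alias " + alias);
        return c;
    }

    // Leaf certificate the endpoint presents. Chain validation is skipped on purpose:
    // the certificate is only fetched for comparison and no data is sent over the socket.
    static Certificate served(String host, int port) throws Exception {
        TrustManager[] acceptAny = { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, acceptAny, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            return s.getSession().getPeerCertificates()[0];
        }
    }

    public static void main(String[] a) throws Exception {
        Certificate want = intended(a[2], a[3].toCharArray(), a[4]);
        Certificate got = served(a[0], Integer.parseInt(a[1]));
        // Compare the DER encodings: equal bytes mean the endpoint loaded the intended keystore.
        boolean same = Arrays.equals(want.getEncoded(), got.getEncoded());
        System.out.println(same ? "MATCH: endpoint serves the intended keystore's certificate"
                                : "MISMATCH: endpoint serves a different certificate");
        System.exit(same ? 0 : 1);
    }
}
```

The non-zero exit status on a mismatch lets the check run as a deployment smoke test.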
