-----BEGIN PGP SIGNED MESSAGE-----
I'm trying to use JMX to do things with Tomcat Connectors and
ProtocolHandlers. Specifically, I'd like to re-load the keystore
(really certificate) used for an HTTPs connection.
I'm currently using Tomcat 8.0.30 for my testing.
It looks like the ProtocolHandler is really the place where the TLS
configuration is taking effect, and not the Connector, so I'm largely
ignoring the Connector for now. Is that the right choice to make, here?
It seems that calling the pause()/resume() or stop()/start() on the
ProtocolHandler have no effect on resetting the
SSLServerSockeyFactory, which is what would be required to achieve my
goals (update a certificate for a running Tomcat instance).
I suspect I'll have to call init(). When I do this without specifying
bindOnInit=false awful things happen. First, calling init() gets me an
error on stdout that the address is already in use, and then it's
basically not possible to restart the ProtocolHandler after that
point: it's dead as far as I can tell, because you can't call start()
or resume() without getting a whole bunch of errors.
Does that sound like a problem to anyone? I would think that failure
to call init() would leave the ProtocolHandler in an uninitialized
state, but I'm wondering if trying to RE-initialize the
ProtocolHandler should be something that won't damage a
previously-initialized component. When trying to script these types of
connections, having a non-destructive init() might be useful.
So, I set bindOnInit="false" which is documented to unbind on
"stop". When calling stop(), the port continues to be bound by Tomcat.
Calling stop() and then start() throws a BindException. :( Destroying
the ProtocolHandler also leaves the port still bound, and also
(unsurprisingly) destroys the ProtocolHandler.
Stopping the Connector also does not release the port. :( Calling
stop() and then start() also throws a BindException.
At this point, I think I'm stuck. Is there a bug here?
I'm going to upgrade to 8.0.latest and repeat my tests, just in case.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org