You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2009/05/21 12:58:56 UTC

DO NOT REPLY [Bug 47231] New: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html improvements

https://issues.apache.org/bugzilla/show_bug.cgi?id=47231

           Summary: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
                    improvements
           Product: Tomcat 6
           Version: unspecified
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: sebb@apache.org


I find the page http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html quite
difficult to use, and confusing.

The top of the page says:

"This Howto refers to usage of JSSE, that comes included with jdk 1.5 and
higher. When using APR, Tomcat will use OpenSSL, which uses a different
configuration."

This implies that the APR description is to be found elsewhere, however there
is no link, and in fact, the APR settings are described further down the page.

[Also, surely JSSE is included in Java 1.4+? (and it does not have to be jdk,
jre will do).]

==

I found the section headed "Edit the Tomcat Configuration File" confusing.

The configuration details for APR and JSSE are intermixed, and the table
showing the attributes only mentions common or JSSE atributes, the APR-only
ones are not mentioned.

IMO it would be better to have an introductory paragraph which describes the
two different methods, and how to choose between them, and then explain how to
set each of them up. The attributes table could have an extra column showing
which entries are JSSE, APR or common.

==

I can provide a patch; please let me know if that would be useful.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 47231] http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html improvements

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47231





--- Comment #3 from Sebb <se...@apache.org>  2009-05-27 16:05:38 PST ---
Created an attachment (id=23721)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23721)
Patch to SSL Howto

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 47231] http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html improvements

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47231





--- Comment #2 from Mark Thomas <ma...@apache.org>  2009-05-27 05:25:21 PST ---
Created an attachment (id=23719)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23719)
Tomcat / OpenSSL how-to

Feel free to make as much or as little use of the attached how-to as you see
fit.

Note 1: You can use the separate pem encoded key and cert files directly with
the APR/native SSL connector.

Note 2: These were only ever meant to be personal notes for my test
environment. I haven't checked for typos, unsafe settings etc.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 47231] http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html improvements

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47231





--- Comment #1 from Mark Thomas <ma...@apache.org>  2009-05-24 16:53:19 PST ---
Patches always welcome.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 47231] http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html improvements

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47231

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #4 from Mark Thomas <ma...@apache.org> 2009-09-21 00:15:37 BST ---
I have applied a variation of the patch to trunk and 6.0.x. It will be included
in 6.0.21 onwards.

Many thanks.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org