You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacopo Cappellato <ja...@gmail.com> on 2014/09/19 06:56:51 UTC
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml src/org/ofbiz/catalina/container/CatalinaContainer.java
On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
> <!-- SSL connector attributes -->
> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
Hi all,
I have a concern with the above change to the setting of the "https" connector of Tomcat that I have introduced with rev. 1625919 and I would appreciate your advices.
The original code was plugging into the https the OFBiz custom SSL class using the connector property: "sSLImplementation".
However this property name is no more valid in Tomcat and so it was ignored and not set. The default Tomcat implementation was then used.
With my commit I have fixed the property to match the right name "sslImplementationName" and in fact now the OFBiz class is properly passed and set in the connector.
Unfortunately I don't know much about the OFBiz implementation related to x509 certs; the purpose of the org.ofbiz.catalina.container.SSLImpl class seems to be that of simply bypassing Tomcat certificate checks (in order to let OFBiz manage them) but I am not sure if this code is mature and still required.
The easy fix would be that of commenting out the property.
Is anyone currently using (or knows more than me) the OFBiz implementation of x509 certificates?
Thanks,
Jacopo
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml src/org/ofbiz/catalina/container/CatalinaContainer.java
Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.
Ok,
the trunk demo seems to be working fine now that it is running on the latest revision. My last commit with additional cleanups for the catalina container may have fixed the issue.
Regards,
Jacopo
On Sep 21, 2014, at 9:06 AM, Jacopo Cappellato <ja...@hotwaxmedia.com> wrote:
> Jacques, all,
>
> I am doing some experiments to figure out the issue on the trunk demo and for this reason it may be unavailable (intermittently) for a few hours today.
>
> Jacopo
>
> On Sep 20, 2014, at 5:26 PM, Jacques Le Roux <ja...@les7arts.com> wrote:
>
>>
>> Le 20/09/2014 11:44, Jacques Le Roux a écrit :
>>> BTW I made some certificate changes when I installed the demos: http://svn.apache.org/viewvc?view=revision&revision=1598544
>>> I asked about keeping the content of framework/base/cert/ : http://markmail.org/message/jud4g3bbwwusdbfp
>>> Anyway we don't use the new certificate because self signed certificates are the same than no certificates (most modern browsers will warn about security anyway)
>>
>> BTW when I say we don't use the new self signed certificate, it's not exactly true. Because we always use it by default (eg in your local instance) but it seems subsumed by the ASF certificate.
>> I don't remember exactly how it's done (if I ever knew/was explained by jani), but one thing I'm sure is there were no changes but "port.https.enabled=N " before I reverted r1626060
>>
>> HTH
>>
>> Jacques
>>
>>>
>>> Jacques
>>>
>>> Le 20/09/2014 11:31, Jacques Le Roux a écrit :
>>>> I tried to comment out the 2 entries to no avail
>>>> I then reverted only r1626060 and it fixed the issue
>>>>
>>>> We use the ASF global certificate ahead in a proxy which allows to use only HTTP for demos.
>>>> The HTTPS traffic is filtered by the proxy and redirected to the HTTP traffic.
>>>> But we don't use certificate in any of the OFBiz demos.
>>>>
>>>> HTH
>>>>
>>>> Jacques
>>>>
>>>> Le 20/09/2014 06:49, Jacopo Cappellato a écrit :
>>>>> I have tested in my local box the setting
>>>>>
>>>>> port.https.enabled=N
>>>>>
>>>>> but I was not able to recreate any issue.
>>>>>
>>>>> Are we using a certificate for the demo? Could you please try to disable the two entries:
>>>>>
>>>>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>
>>>>> from framework/catalina/ofbiz-component.xml
>>>>>
>>>>> ?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Jacopo
>>>>>
>>>>> On Sep 19, 2014, at 9:18 AM, Jacopo Cappellato <ja...@gmail.com> wrote:
>>>>>
>>>>>> On Sep 19, 2014, at 9:05 AM, Jacques Le Roux <ja...@les7arts.com> wrote:
>>>>>>
>>>>>>> Le 19/09/2014 06:56, Jacopo Cappellato a écrit :
>>>>>>>> On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
>>>>>>>>
>>>>>>>>> <!-- SSL connector attributes -->
>>>>>>>>> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>>>>> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>>> It seems not related to this particular change (I tested w/ or w/o) but today the trunk demo no longer work when it still was yesterday. I reverted to r1625970 and it's now back again.
>>>>>> Hmm... this may indicate that the issue is in rev. 1626060 but I don't see anything wrong in it (I will double check).
>>>>>>
>>>>>>> The OFBiz demos use in url.properties
>>>>>>> port.https.enabled=N
>>>>>> I didn't change this part of the framework, I don't know if this is the cause of the issue. I will try to set the same in my local box.
>>>>>> Are you sure that the issue was related to a particular version of OFBiz and not to an issue of the server hosting it?
>>>>>> You could try to comment out the line:
>>>>>>
>>>>>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>>
>>>>>> Jacopo
>>>>>>
>>>>>>
>>>>>>> I see only this reason but have no time this morning to check the relation with the trunk demo issue. Locally all works correctly so I guess it's only that
>>>>>>>
>>>>>>> HTH
>>>>>>>
>>>>>>> Jacques
>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Jacopo
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml src/org/ofbiz/catalina/container/CatalinaContainer.java
Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.
Jacques, all,
I am doing some experiments to figure out the issue on the trunk demo and for this reason it may be unavailable (intermittently) for a few hours today.
Jacopo
On Sep 20, 2014, at 5:26 PM, Jacques Le Roux <ja...@les7arts.com> wrote:
>
> Le 20/09/2014 11:44, Jacques Le Roux a écrit :
>> BTW I made some certificate changes when I installed the demos: http://svn.apache.org/viewvc?view=revision&revision=1598544
>> I asked about keeping the content of framework/base/cert/ : http://markmail.org/message/jud4g3bbwwusdbfp
>> Anyway we don't use the new certificate because self signed certificates are the same than no certificates (most modern browsers will warn about security anyway)
>
> BTW when I say we don't use the new self signed certificate, it's not exactly true. Because we always use it by default (eg in your local instance) but it seems subsumed by the ASF certificate.
> I don't remember exactly how it's done (if I ever knew/was explained by jani), but one thing I'm sure is there were no changes but "port.https.enabled=N " before I reverted r1626060
>
> HTH
>
> Jacques
>
>>
>> Jacques
>>
>> Le 20/09/2014 11:31, Jacques Le Roux a écrit :
>>> I tried to comment out the 2 entries to no avail
>>> I then reverted only r1626060 and it fixed the issue
>>>
>>> We use the ASF global certificate ahead in a proxy which allows to use only HTTP for demos.
>>> The HTTPS traffic is filtered by the proxy and redirected to the HTTP traffic.
>>> But we don't use certificate in any of the OFBiz demos.
>>>
>>> HTH
>>>
>>> Jacques
>>>
>>> Le 20/09/2014 06:49, Jacopo Cappellato a écrit :
>>>> I have tested in my local box the setting
>>>>
>>>> port.https.enabled=N
>>>>
>>>> but I was not able to recreate any issue.
>>>>
>>>> Are we using a certificate for the demo? Could you please try to disable the two entries:
>>>>
>>>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>
>>>> from framework/catalina/ofbiz-component.xml
>>>>
>>>> ?
>>>>
>>>> Thanks,
>>>>
>>>> Jacopo
>>>>
>>>> On Sep 19, 2014, at 9:18 AM, Jacopo Cappellato <ja...@gmail.com> wrote:
>>>>
>>>>> On Sep 19, 2014, at 9:05 AM, Jacques Le Roux <ja...@les7arts.com> wrote:
>>>>>
>>>>>> Le 19/09/2014 06:56, Jacopo Cappellato a écrit :
>>>>>>> On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
>>>>>>>
>>>>>>>> <!-- SSL connector attributes -->
>>>>>>>> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>>>> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>> It seems not related to this particular change (I tested w/ or w/o) but today the trunk demo no longer work when it still was yesterday. I reverted to r1625970 and it's now back again.
>>>>> Hmm... this may indicate that the issue is in rev. 1626060 but I don't see anything wrong in it (I will double check).
>>>>>
>>>>>> The OFBiz demos use in url.properties
>>>>>> port.https.enabled=N
>>>>> I didn't change this part of the framework, I don't know if this is the cause of the issue. I will try to set the same in my local box.
>>>>> Are you sure that the issue was related to a particular version of OFBiz and not to an issue of the server hosting it?
>>>>> You could try to comment out the line:
>>>>>
>>>>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>
>>>>> Jacopo
>>>>>
>>>>>
>>>>>> I see only this reason but have no time this morning to check the relation with the trunk demo issue. Locally all works correctly so I guess it's only that
>>>>>>
>>>>>> HTH
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Jacopo
>>>>
>>>>
>>>
>>>
>>
>>
>
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml
src/org/ofbiz/catalina/container/CatalinaContainer.java
Posted by Jacques Le Roux <ja...@les7arts.com>.
Le 20/09/2014 11:44, Jacques Le Roux a écrit :
> BTW I made some certificate changes when I installed the demos: http://svn.apache.org/viewvc?view=revision&revision=1598544
> I asked about keeping the content of framework/base/cert/ : http://markmail.org/message/jud4g3bbwwusdbfp
> Anyway we don't use the new certificate because self signed certificates are the same than no certificates (most modern browsers will warn about
> security anyway)
BTW when I say we don't use the new self signed certificate, it's not exactly true. Because we always use it by default (eg in your local instance)
but it seems subsumed by the ASF certificate.
I don't remember exactly how it's done (if I ever knew/was explained by jani), but one thing I'm sure is there were no changes but
"port.https.enabled=N " before I reverted r1626060
HTH
Jacques
>
> Jacques
>
> Le 20/09/2014 11:31, Jacques Le Roux a écrit :
>> I tried to comment out the 2 entries to no avail
>> I then reverted only r1626060 and it fixed the issue
>>
>> We use the ASF global certificate ahead in a proxy which allows to use only HTTP for demos.
>> The HTTPS traffic is filtered by the proxy and redirected to the HTTP traffic.
>> But we don't use certificate in any of the OFBiz demos.
>>
>> HTH
>>
>> Jacques
>>
>> Le 20/09/2014 06:49, Jacopo Cappellato a écrit :
>>> I have tested in my local box the setting
>>>
>>> port.https.enabled=N
>>>
>>> but I was not able to recreate any issue.
>>>
>>> Are we using a certificate for the demo? Could you please try to disable the two entries:
>>>
>>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>
>>> from framework/catalina/ofbiz-component.xml
>>>
>>> ?
>>>
>>> Thanks,
>>>
>>> Jacopo
>>>
>>> On Sep 19, 2014, at 9:18 AM, Jacopo Cappellato <ja...@gmail.com> wrote:
>>>
>>>> On Sep 19, 2014, at 9:05 AM, Jacques Le Roux <ja...@les7arts.com> wrote:
>>>>
>>>>> Le 19/09/2014 06:56, Jacopo Cappellato a écrit :
>>>>>> On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
>>>>>>
>>>>>>> <!-- SSL connector attributes -->
>>>>>>> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>>> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>> It seems not related to this particular change (I tested w/ or w/o) but today the trunk demo no longer work when it still was yesterday. I
>>>>> reverted to r1625970 and it's now back again.
>>>> Hmm... this may indicate that the issue is in rev. 1626060 but I don't see anything wrong in it (I will double check).
>>>>
>>>>> The OFBiz demos use in url.properties
>>>>> port.https.enabled=N
>>>> I didn't change this part of the framework, I don't know if this is the cause of the issue. I will try to set the same in my local box.
>>>> Are you sure that the issue was related to a particular version of OFBiz and not to an issue of the server hosting it?
>>>> You could try to comment out the line:
>>>>
>>>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>
>>>> Jacopo
>>>>
>>>>
>>>>> I see only this reason but have no time this morning to check the relation with the trunk demo issue. Locally all works correctly so I guess
>>>>> it's only that
>>>>>
>>>>> HTH
>>>>>
>>>>> Jacques
>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Jacopo
>>>
>>>
>>
>>
>
>
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml
src/org/ofbiz/catalina/container/CatalinaContainer.java
Posted by Jacques Le Roux <ja...@les7arts.com>.
BTW I made some certificate changes when I installed the demos: http://svn.apache.org/viewvc?view=revision&revision=1598544
I asked about keeping the content of framework/base/cert/ : http://markmail.org/message/jud4g3bbwwusdbfp
Anyway we don't use the new certificate because self signed certificates are the same than no certificates (most modern browsers will warn about
security anyway)
Jacques
Le 20/09/2014 11:31, Jacques Le Roux a écrit :
> I tried to comment out the 2 entries to no avail
> I then reverted only r1626060 and it fixed the issue
>
> We use the ASF global certificate ahead in a proxy which allows to use only HTTP for demos.
> The HTTPS traffic is filtered by the proxy and redirected to the HTTP traffic.
> But we don't use certificate in any of the OFBiz demos.
>
> HTH
>
> Jacques
>
> Le 20/09/2014 06:49, Jacopo Cappellato a écrit :
>> I have tested in my local box the setting
>>
>> port.https.enabled=N
>>
>> but I was not able to recreate any issue.
>>
>> Are we using a certificate for the demo? Could you please try to disable the two entries:
>>
>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>
>> from framework/catalina/ofbiz-component.xml
>>
>> ?
>>
>> Thanks,
>>
>> Jacopo
>>
>> On Sep 19, 2014, at 9:18 AM, Jacopo Cappellato <ja...@gmail.com> wrote:
>>
>>> On Sep 19, 2014, at 9:05 AM, Jacques Le Roux <ja...@les7arts.com> wrote:
>>>
>>>> Le 19/09/2014 06:56, Jacopo Cappellato a écrit :
>>>>> On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
>>>>>
>>>>>> <!-- SSL connector attributes -->
>>>>>> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>>> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>> It seems not related to this particular change (I tested w/ or w/o) but today the trunk demo no longer work when it still was yesterday. I
>>>> reverted to r1625970 and it's now back again.
>>> Hmm... this may indicate that the issue is in rev. 1626060 but I don't see anything wrong in it (I will double check).
>>>
>>>> The OFBiz demos use in url.properties
>>>> port.https.enabled=N
>>> I didn't change this part of the framework, I don't know if this is the cause of the issue. I will try to set the same in my local box.
>>> Are you sure that the issue was related to a particular version of OFBiz and not to an issue of the server hosting it?
>>> You could try to comment out the line:
>>>
>>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>
>>> Jacopo
>>>
>>>
>>>> I see only this reason but have no time this morning to check the relation with the trunk demo issue. Locally all works correctly so I guess it's
>>>> only that
>>>>
>>>> HTH
>>>>
>>>> Jacques
>>>>
>>>>> Thanks,
>>>>>
>>>>> Jacopo
>>
>>
>
>
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml
src/org/ofbiz/catalina/container/CatalinaContainer.java
Posted by Jacques Le Roux <ja...@les7arts.com>.
I tried to comment out the 2 entries to no avail
I then reverted only r1626060 and it fixed the issue
We use the ASF global certificate ahead in a proxy which allows to use only HTTP for demos.
The HTTPS traffic is filtered by the proxy and redirected to the HTTP traffic.
But we don't use certificate in any of the OFBiz demos.
HTH
Jacques
Le 20/09/2014 06:49, Jacopo Cappellato a écrit :
> I have tested in my local box the setting
>
> port.https.enabled=N
>
> but I was not able to recreate any issue.
>
> Are we using a certificate for the demo? Could you please try to disable the two entries:
>
> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>
> from framework/catalina/ofbiz-component.xml
>
> ?
>
> Thanks,
>
> Jacopo
>
> On Sep 19, 2014, at 9:18 AM, Jacopo Cappellato <ja...@gmail.com> wrote:
>
>> On Sep 19, 2014, at 9:05 AM, Jacques Le Roux <ja...@les7arts.com> wrote:
>>
>>> Le 19/09/2014 06:56, Jacopo Cappellato a écrit :
>>>> On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
>>>>
>>>>> <!-- SSL connector attributes -->
>>>>> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>>> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>> It seems not related to this particular change (I tested w/ or w/o) but today the trunk demo no longer work when it still was yesterday. I reverted to r1625970 and it's now back again.
>> Hmm... this may indicate that the issue is in rev. 1626060 but I don't see anything wrong in it (I will double check).
>>
>>> The OFBiz demos use in url.properties
>>> port.https.enabled=N
>> I didn't change this part of the framework, I don't know if this is the cause of the issue. I will try to set the same in my local box.
>> Are you sure that the issue was related to a particular version of OFBiz and not to an issue of the server hosting it?
>> You could try to comment out the line:
>>
>> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>
>> Jacopo
>>
>>
>>> I see only this reason but have no time this morning to check the relation with the trunk demo issue. Locally all works correctly so I guess it's only that
>>>
>>> HTH
>>>
>>> Jacques
>>>
>>>> Thanks,
>>>>
>>>> Jacopo
>
>
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml src/org/ofbiz/catalina/container/CatalinaContainer.java
Posted by Jacopo Cappellato <ja...@gmail.com>.
I have tested in my local box the setting
port.https.enabled=N
but I was not able to recreate any issue.
Are we using a certificate for the demo? Could you please try to disable the two entries:
<property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
from framework/catalina/ofbiz-component.xml
?
Thanks,
Jacopo
On Sep 19, 2014, at 9:18 AM, Jacopo Cappellato <ja...@gmail.com> wrote:
> On Sep 19, 2014, at 9:05 AM, Jacques Le Roux <ja...@les7arts.com> wrote:
>
>>
>> Le 19/09/2014 06:56, Jacopo Cappellato a écrit :
>>> On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
>>>
>>>> <!-- SSL connector attributes -->
>>>> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
>>>> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>>
>> It seems not related to this particular change (I tested w/ or w/o) but today the trunk demo no longer work when it still was yesterday. I reverted to r1625970 and it's now back again.
>
> Hmm... this may indicate that the issue is in rev. 1626060 but I don't see anything wrong in it (I will double check).
>
>> The OFBiz demos use in url.properties
>> port.https.enabled=N
>
> I didn't change this part of the framework, I don't know if this is the cause of the issue. I will try to set the same in my local box.
> Are you sure that the issue was related to a particular version of OFBiz and not to an issue of the server hosting it?
> You could try to comment out the line:
>
> <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>
> Jacopo
>
>
>> I see only this reason but have no time this morning to check the relation with the trunk demo issue. Locally all works correctly so I guess it's only that
>>
>> HTH
>>
>> Jacques
>>
>>>
>>> Thanks,
>>>
>>> Jacopo
>
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml src/org/ofbiz/catalina/container/CatalinaContainer.java
Posted by Jacopo Cappellato <ja...@gmail.com>.
On Sep 19, 2014, at 9:05 AM, Jacques Le Roux <ja...@les7arts.com> wrote:
>
> Le 19/09/2014 06:56, Jacopo Cappellato a écrit :
>> On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
>>
>>> <!-- SSL connector attributes -->
>>> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
>>> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
>
> It seems not related to this particular change (I tested w/ or w/o) but today the trunk demo no longer work when it still was yesterday. I reverted to r1625970 and it's now back again.
Hmm... this may indicate that the issue is in rev. 1626060 but I don't see anything wrong in it (I will double check).
> The OFBiz demos use in url.properties
> port.https.enabled=N
I didn't change this part of the framework, I don't know if this is the cause of the issue. I will try to set the same in my local box.
Are you sure that the issue was related to a particular version of OFBiz and not to an issue of the server hosting it?
You could try to comment out the line:
<property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
Jacopo
> I see only this reason but have no time this morning to check the relation with the trunk demo issue. Locally all works correctly so I guess it's only that
>
> HTH
>
> Jacques
>
>>
>> Thanks,
>>
>> Jacopo
Re: svn commit: r1625919 - in /ofbiz/trunk/framework/catalina: ofbiz-component.xml
src/org/ofbiz/catalina/container/CatalinaContainer.java
Posted by Jacques Le Roux <ja...@les7arts.com>.
Le 19/09/2014 06:56, Jacopo Cappellato a écrit :
> On Sep 18, 2014, at 11:00 AM, jacopoc@apache.org wrote:
>
>> <!-- SSL connector attributes -->
>> - <property name="sSLImplementation" value="org.ofbiz.catalina.container.SSLImpl"/>
>> + <property name="sslImplementationName" value="org.ofbiz.catalina.container.SSLImpl"/>
> Hi all,
>
> I have a concern with the above change to the setting of the "https" connector of Tomcat that I have introduced with rev. 1625919 and I would appreciate your advices.
> The original code was plugging into the https the OFBiz custom SSL class using the connector property: "sSLImplementation".
> However this property name is no more valid in Tomcat and so it was ignored and not set. The default Tomcat implementation was then used.
> With my commit I have fixed the property to match the right name "sslImplementationName" and in fact now the OFBiz class is properly passed and set in the connector.
> Unfortunately I don't know much about the OFBiz implementation related to x509 certs; the purpose of the org.ofbiz.catalina.container.SSLImpl class seems to be that of simply bypassing Tomcat certificate checks (in order to let OFBiz manage them) but I am not sure if this code is mature and still required.
> The easy fix would be that of commenting out the property.
>
> Is anyone currently using (or knows more than me) the OFBiz implementation of x509 certificates?
It seems not related to this particular change (I tested w/ or w/o) but today the trunk demo no longer work when it still was yesterday. I reverted to
r1625970 and it's now back again.
The OFBiz demos use in url.properties
port.https.enabled=N
I see only this reason but have no time this morning to check the relation with the trunk demo issue. Locally all works correctly so I guess it's only
that
HTH
Jacques
>
> Thanks,
>
> Jacopo
>
>
>
>