Re: [SECURITY] CVE-2009-3555 SSL Man-In-The-Middle attack - Status update

[Timir Hazarika <ti...@gmail.com>]

Mark, I can't seem to find the newer patch, could you share a link please ?

Thanks,
Timir

On Wed, Dec 16, 2009 at 9:42 PM, Mark Thomas <ma...@apache.org> wrote:

> On 16/12/2009 14:29, Timir Hazarika wrote:
> > Guys,
> >
> > I just tried patching 6.0.20 with the tomcat6 fix mentioned at
> > http://www.mail-archive.com/users@tomcat.apache.org/msg70131.html
> >
> > This gives me a concurrentmodificationexception:
>
> <snip/>
>
> > While this does seem to resolve concurrent modifications, I believe it is
> a
> > race-condition at best, which is working in my favour for now. Please
> > suggest me another fix, if there is one.
>
> Use the newer patch that doesn't use a HandshakeCompletedListener
>
> Mark
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: [SECURITY] CVE-2009-3555 SSL Man-In-The-Middle attack - Status update

[Mark Thomas <ma...@apache.org>]

On 16/12/2009 20:05, Timir Hazarika wrote:
> Never mind - I just figured out what text modifications went into that
> revision.
> 
> Mark, any news on 6.0.21 timelines ? Up for release vote yet ?

Nothing certain but should be soon. Keep an eye on the dev list for any
news on tags, release votes etc.

Mark

> 
> Thanks,
> Timir
> 
> On Wed, Dec 16, 2009 at 11:45 PM, Timir Hazarika
> <ti...@gmail.com>wrote:
> 
>> Mark, I can't seem to find the newer patch, could you share a link please ?
>>
>> Thanks,
>> Timir
>>
>>
>> On Wed, Dec 16, 2009 at 9:42 PM, Mark Thomas <ma...@apache.org> wrote:
>>
>>> On 16/12/2009 14:29, Timir Hazarika wrote:
>>>> Guys,
>>>>
>>>> I just tried patching 6.0.20 with the tomcat6 fix mentioned at
>>>> http://www.mail-archive.com/users@tomcat.apache.org/msg70131.html
>>>>
>>>> This gives me a concurrentmodificationexception:
>>>
>>> <snip/>
>>>
>>>> While this does seem to resolve concurrent modifications, I believe it
>>> is a
>>>> race-condition at best, which is working in my favour for now. Please
>>>> suggest me another fix, if there is one.
>>>
>>> Use the newer patch that doesn't use a HandshakeCompletedListener
>>>
>>> Mark
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: [SECURITY] CVE-2009-3555 SSL Man-In-The-Middle attack - Status update

[Timir Hazarika <ti...@gmail.com>]

Never mind - I just figured out what text modifications went into that
revision.

Mark, any news on 6.0.21 timelines ? Up for release vote yet ?

Thanks,
Timir

On Wed, Dec 16, 2009 at 11:45 PM, Timir Hazarika
<ti...@gmail.com>wrote:

> Mark, I can't seem to find the newer patch, could you share a link please ?
>
> Thanks,
> Timir
>
>
> On Wed, Dec 16, 2009 at 9:42 PM, Mark Thomas <ma...@apache.org> wrote:
>
>> On 16/12/2009 14:29, Timir Hazarika wrote:
>> > Guys,
>> >
>> > I just tried patching 6.0.20 with the tomcat6 fix mentioned at
>> > http://www.mail-archive.com/users@tomcat.apache.org/msg70131.html
>> >
>> > This gives me a concurrentmodificationexception:
>>
>> <snip/>
>>
>> > While this does seem to resolve concurrent modifications, I believe it
>> is a
>> > race-condition at best, which is working in my favour for now. Please
>> > suggest me another fix, if there is one.
>>
>> Use the newer patch that doesn't use a HandshakeCompletedListener
>>
>> Mark
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>