You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2020/06/02 15:03:31 UTC

[Bug 64493] New: Regression: JMX beans for HTTPS connector changed protocol with 9.0.35

https://bz.apache.org/bugzilla/show_bug.cgi?id=64493

            Bug ID: 64493
           Summary: Regression: JMX beans for HTTPS connector changed
                    protocol with 9.0.35
           Product: Tomcat 9
           Version: 9.0.35
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: asf+paul@kungfoocoder.org
  Target Milestone: -----

Using the following pseudo code:


{
    try
    {
      MBeanServer server = MBeanServerFactory.createMBeanServer();
      Set<ObjectName> protocolHandlers = server.queryNames(new
ObjectName("Catalina:type=Connector,*"), null);

      for (ObjectName x: protocolHandlers)
      {
        String protocol = (String) server.getAttribute(x, "protocol");
        System.out.println(x + " - " + protocol);
      }
    }
    catch (Exception e)
    {

    }

}

Then under 9.0.30 we get:

Catalina:type=Connector,port=10180 - HTTP/1.1
Catalina:type=Connector,port=10443 - HTTP/1.1


Under 0.0.35 we get:

[15:02] Anton Goselink

Catalina:type=Connector,port=10180 - HTTP/1.1
Catalina:type=Connector,port=10443 - org.apache.coyote.http11.Http11NioProtocol


I believe that this is related to
https://github.com/apache/tomcat/commit/5e0dd5d91ca3b9eb85d79fca2b9ce9313d90083c
, since in the old situation, whenever the connector was Http11NioProtocol, it
would return "HTTP/1.1". in the new situation, when a ProtocolHandler is passed
in, we use the class name instead of "HTTP/1.1" for configuredProtocol. This
should probably get the name of the protocol being handled from the
ProtocolHandler.

In any case, this causes a breakage in our environment, as we rely on the
protocol being set to "HTTP*" for the JMX bean.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 64493] Regression: JMX beans for HTTPS connector changed protocol with 9.0.35

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64493

Remy Maucherat <re...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #4 from Remy Maucherat <re...@apache.org> ---
I decided to change it back in 9.0.36. 10.0 will continue to use the value that
was used to configure the connector.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 64493] Regression: JMX beans for HTTPS connector changed protocol with 9.0.35

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64493

--- Comment #1 from Remy Maucherat <re...@apache.org> ---
Well, the new value is correct as well I'm afraid. I will look at how easy it
is to restore the fake value.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 64493] Regression: JMX beans for HTTPS connector changed protocol with 9.0.35

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64493

--- Comment #5 from asf+paul@kungfoocoder.org ---
We construct it through server.xml I guess. We don't call this code directly,
but rather through the normal tomcat configuration.

Our server.xml has:
    <Connector
        port="10180"
        protocol="HTTP/1.1"

    <Connector
        port="10443"
        protocol="org.apache.coyote.http11.Http11NioProtocol"


which would explain the difference, since the former is converted into the
latter in code. Previously the latter was also converted back into the former
when exposing the name, whereas now we just use what was passed in (I guess?).

At least this gives a configuration change instead of a code change, so we can
deploy a new Tomcat and change config.

Verifying, that changing the second "protocol" to 

    <Connector
        port="10443"
        protocol="HTTP/1.1"

Does give us the output that we expect in our code. So now the question is was
this a desired side effect of the change? And if not, can this be fixed?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 64493] Regression: JMX beans for HTTPS connector changed protocol with 9.0.35

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64493

--- Comment #3 from Remy Maucherat <re...@apache.org> ---
The new behavior reflects what is passed to the constructor, which I think is
more consistent, so how is your connector created ?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 64493] Regression: JMX beans for HTTPS connector changed protocol with 9.0.35

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64493

--- Comment #2 from asf+paul@kungfoocoder.org ---
I would be happy if they _both_ showed the same value, either new or old. It is
the mismatch between the two that makes me sad.

Ideally we would keep the old, then we wouldn't need to update our product to
get the CVE fix in 9.0.35.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 64493] Regression: JMX beans for HTTPS connector changed protocol with 9.0.35

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64493

--- Comment #6 from asf+paul@kungfoocoder.org ---
Thanks for the change!

As discussed in the previous comment we do have a workaround that we could
apply, now that we know what the change is and the reason why this changed. So
although I would still argue against this change for the 9.0 branch, since it
_might_ require code/config changes for users.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org