Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/04/30 20:20:42 UTC
[tomcat] branch 7.0.x updated (e1d122f -> f7463e9)
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from e1d122f 64398: Change default value separator for property replacement
new 3595979 Tweak wording for clarity
new f7463e9 Add key store type section
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
webapps/docs/changelog.xml | 4 ++++
webapps/docs/config/http.xml | 45 +++++++++++++++++++++++++++++++++++++++++---
2 files changed, 46 insertions(+), 3 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 01/02: Tweak wording for clarity
Posted by ma...@apache.org.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 3595979efbd91c77d529e2b2014050679d50d780
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 30 19:36:07 2020 +0100
Tweak wording for clarity
---
webapps/docs/config/http.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 4e71441..768c984 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1445,7 +1445,7 @@
Java Blocking Connector Java Non Blocking Connector APR/native Connector
BIO NIO APR
Classname Http11Protocol Http11NioProtocol Http11AprProtocol
- Tomcat Version 3.x onwards 6.x onwards 5.5.x onwards
+ Tomcat Version since 3.x since 6.0.x since 5.5.x
Support Polling NO YES YES
Polling Size N/A maxConnections maxConnections
Read Request Headers Blocking Non Blocking Blocking
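Review bot: The new Tomcat Version row mixes version granularity: "since 3.x" for BIO sits next to "since 6.0.x" for NIO and "since 5.5.x" for APR. The change tightened only the NIO cell from "6.x" to "6.0.x"; for a wording-clarity commit, consider using one granularity across all three cells, or leave "3.x" only if the BIO connector genuinely cannot be pinned to a minor line.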
[tomcat] 02/02: Add key store type section
Posted by ma...@apache.org.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f7463e9efba42cbe846be0b4794a5ee4f70b5a9a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 30 21:06:21 2020 +0100
Add key store type section
---
webapps/docs/changelog.xml | 4 ++++
webapps/docs/config/http.xml | 43 +++++++++++++++++++++++++++++++++++++++++--
2 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8cf7d02..01b5910 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -178,6 +178,10 @@
system property changing how the sequence <code>%5c</code> is
interpretted in a URI. (markt)
</fix>
+ <add>
+ Add a section to the TLS Connector documentation on different key store
+ types and how to configure them. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Other">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 768c984..96a9715 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1175,7 +1175,8 @@
<attribute name="keystoreType" required="false">
<p>The type of keystore file to be used for the server certificate.
- If not specified, the default value is "<code>JKS</code>".</p>
+ If not specified, the default value is "<code>JKS</code>". See the notes
+ on <a href="#Key_store_types">key store types</a> below.</p>
</attribute>
<attribute name="sessionCacheSize" required="false">
@@ -1283,7 +1284,8 @@
<p>The type of key store used for the trust store. The default is the
value of the <code>javax.net.ssl.trustStoreType</code> system property. If
that property is null, the value of <code>keystoreType</code> is used as
- the default.</p>
+ the default. See the notes on <a href="#Key_store_types">key store
+ types</a> below.</p>
</attribute>
</attributes>
@@ -1438,6 +1440,43 @@
</subsection>
</subsection>
+
+ <subsection name="Key store types">
+
+ <p>In addition to the standard key store types (JKS and PKCS12), most Java
+ runtimes support additional key store types such as Windows-ROOT,
+ Windows-My, DKS as well as hardware security modules. Generally, to use
+ these additional keystore types with a TLS Conector in Tomcat:</p>
+
+ <ul>
+ <li>Set the certificateKeystoreType and/or truststoreType Connector
+ attribute (as appropriate) to the necessary type</li>
+ <li>If a configuration file is required, set the certificateKeystoreFile
+ and/or truststoreFile Connector attribute (as appropriate) to point to
+ the file</li>
+ <li>If no configuration file is required then you will almost certainly
+ need to explicitly set the certificateKeystoreFile and/or
+ truststoreFile Connector attribute (as appropriate) to the empty
+ string ("")</li>
+ <li>If a password is required, set the certificateKeystorePassword and/or
+ truststorePassword Connector attribute (as appropriate) to the
+ required password</li>
+ <li>If no password is required then you will almost certainly need to
+ explicitly set the certificateKeystorePassword and/or
+ truststorePassword Connector attribute (as appropriate) to the empty
+ string ("")</li>
+ </ul>
+
+ <p>Variations in key store implementations, combined with the key store
+ manipulation Tomcat does in the background to allow interoperability between
+ JSSE and OpenSSL configuration styles, means that some keystores may need
+ slightly different configuration. Assitance is always available from the
+ <a href="http://tomcat.apache.org/lists.html#tomcat-users">Apache Tomcat
+ users mailing list</a>. We aim to document any key stores that vary from the
+ above advice here. Currently there are none we are aware of.</p>
+
+ </subsection>
+
<subsection name="Connector Comparison">
<p>Below is a small chart that shows how the connectors differ.</p>
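Review bot: The bullets in the new "Key store types" subsection name the attributes certificateKeystoreType, certificateKeystoreFile and certificateKeystorePassword, but the attribute this same file documents two hunks earlier is keystoreType, and the trust store text refers to keystoreType as its fallback. An operator following these steps on this branch would set attributes the Connector documentation here does not define, and the TLS key material would silently keep its defaults, so each name in the list should be checked against the attributes http.xml actually declares for 7.0.x, including truststorePassword. Smaller points in the same added block: "Conector" and "Assitance" are misspelled, "Variations ... means" should be "mean", the attribute names are not wrapped in <code> as they are elsewhere in the file, and the mailing list link uses http rather than https.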