You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/08/14 20:14:20 UTC

svn commit: r685982 - in /tomcat: current/tc5.5.x/STATUS.txt tc6.0.x/trunk/STATUS.txt

Author: markt
Date: Thu Aug 14 11:14:19 2008
New Revision: 685982

URL: http://svn.apache.org/viewvc?rev=685982&view=rev
Log:
Withdraw proposal since a better fix is on the way.

Modified:
    tomcat/current/tc5.5.x/STATUS.txt
    tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/current/tc5.5.x/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=685982&r1=685981&r2=685982&view=diff
==============================================================================
--- tomcat/current/tc5.5.x/STATUS.txt (original)
+++ tomcat/current/tc5.5.x/STATUS.txt Thu Aug 14 11:14:19 2008
@@ -79,16 +79,3 @@
   https://issues.apache.org/bugzilla/show_bug.cgi?id=41407
   +1: markt, fhanik
   -1: 
-
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45528
-  Test the SSL socket for cert/cipher compatibility before returning it
-  http://svn.apache.org/viewvc?rev=684559&view=rev
-  +1: markt
-  -1: fhanik - this is a misconfigured keystore. Solution is to fix the keystore.
-      The SSL-HOW-TO in tomcat is talking about this.
-      There are a few cases, in this users case, the 'tomcat' alias is not present
-      The keystore in this case doesn't even contain a private key
-      markt - This isn't an missing alias / private key issue. It is a cipher /
-              private key compatibility issue. I have updated the bug entry to
-              make this clearer.
-

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685982&r1=685981&r2=685982&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Aug 14 11:14:19 2008
@@ -78,27 +78,7 @@
   -1: 
    0: funkman -  I see the bug URL twice with no patch
 
- 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45528
-  Test the SSL socket for cert/cipher compatibility before returning it
-  http://svn.apache.org/viewvc?rev=684559&view=rev
-  +1: markt
-   0: remm: It does look like a hack indeed, but it detects the problem
-  -1: billbarker The patch is horrible, since it drops connections for no good reason, simply to 
-                 protect against a totally brain-dead miss-configurations.  If the check is moved into
-                 the main except loop, then I can go for -0.
-  -1: fhanik - the problem in the bug is obvious, the keystore doesn't contain any private keys
-               that can be checked very easily
-               http://www.exampledepot.com/egs/java.security/ListAliases.html
-               Furthermore SSL-HOWTO in Tomcat, mentions this problem
-             - Whilst this might cause the logging loop (and I agree it is
-               easily checked), the only time I saw the logging loop was when
-               the certificate and the ciphers were not compatible. I could not
-               see anywhere in the javax.net.ssl API that would let me check
-               this. Opening a socket (which throws an excpetion in this case)
-               appears to be the only way to detect it.
-
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45608
+ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45608
   Prevent race condition for allocate/deallocate in StandardWrapper
   http://svn.apache.org/viewvc?rev=685177&view=rev
   +1: markt



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org