You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/08/14 20:14:20 UTC
svn commit: r685982 - in /tomcat: current/tc5.5.x/STATUS.txt
tc6.0.x/trunk/STATUS.txt
Author: markt
Date: Thu Aug 14 11:14:19 2008
New Revision: 685982
URL: http://svn.apache.org/viewvc?rev=685982&view=rev
Log:
Withdraw proposal since a better fix is on the way.
Modified:
tomcat/current/tc5.5.x/STATUS.txt
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/current/tc5.5.x/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=685982&r1=685981&r2=685982&view=diff
==============================================================================
--- tomcat/current/tc5.5.x/STATUS.txt (original)
+++ tomcat/current/tc5.5.x/STATUS.txt Thu Aug 14 11:14:19 2008
@@ -79,16 +79,3 @@
https://issues.apache.org/bugzilla/show_bug.cgi?id=41407
+1: markt, fhanik
-1:
-
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45528
- Test the SSL socket for cert/cipher compatibility before returning it
- http://svn.apache.org/viewvc?rev=684559&view=rev
- +1: markt
- -1: fhanik - this is a misconfigured keystore. Solution is to fix the keystore.
- The SSL-HOW-TO in tomcat is talking about this.
- There are a few cases, in this users case, the 'tomcat' alias is not present
- The keystore in this case doesn't even contain a private key
- markt - This isn't an missing alias / private key issue. It is a cipher /
- private key compatibility issue. I have updated the bug entry to
- make this clearer.
-
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685982&r1=685981&r2=685982&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Aug 14 11:14:19 2008
@@ -78,27 +78,7 @@
-1:
0: funkman - I see the bug URL twice with no patch
-
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45528
- Test the SSL socket for cert/cipher compatibility before returning it
- http://svn.apache.org/viewvc?rev=684559&view=rev
- +1: markt
- 0: remm: It does look like a hack indeed, but it detects the problem
- -1: billbarker The patch is horrible, since it drops connections for no good reason, simply to
- protect against a totally brain-dead miss-configurations. If the check is moved into
- the main except loop, then I can go for -0.
- -1: fhanik - the problem in the bug is obvious, the keystore doesn't contain any private keys
- that can be checked very easily
- http://www.exampledepot.com/egs/java.security/ListAliases.html
- Furthermore SSL-HOWTO in Tomcat, mentions this problem
- - Whilst this might cause the logging loop (and I agree it is
- easily checked), the only time I saw the logging loop was when
- the certificate and the ciphers were not compatible. I could not
- see anywhere in the javax.net.ssl API that would let me check
- this. Opening a socket (which throws an excpetion in this case)
- appears to be the only way to detect it.
-
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45608
+ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45608
Prevent race condition for allocate/deallocate in StandardWrapper
http://svn.apache.org/viewvc?rev=685177&view=rev
+1: markt
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org