You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/05/11 10:20:16 UTC

[Bug 44225] SSL connector tries to load the private keystore file after privileges have already been dropped by JSVC

https://bz.apache.org/bugzilla/show_bug.cgi?id=44225

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
It doesn't appear as if anyone is interested in writing a patch for this.

Also, limiting the key file to root doesn't offer any additional security. The
Tomcat process will have the key in memory and hence the OS user tomcat is
running as will always be able to access it.

Therefore, closing this as WONTFIX.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org