You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/05/11 10:20:16 UTC
[Bug 44225] SSL connector tries to load the private keystore file
after privileges have already been dropped by JSVC
https://bz.apache.org/bugzilla/show_bug.cgi?id=44225
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|NEW |RESOLVED
--- Comment #2 from Mark Thomas <ma...@apache.org> ---
It doesn't appear as if anyone is interested in writing a patch for this.
Also, limiting the key file to root doesn't offer any additional security. The
Tomcat process will have the key in memory and hence the OS user tomcat is
running as will always be able to access it.
Therefore, closing this as WONTFIX.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org