You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/11/06 17:25:53 UTC

svn commit: r1637153 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: markt
Date: Thu Nov  6 16:25:53 2014
New Revision: 1637153

URL: http://svn.apache.org/r1637153
Log:
Update proposal

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1637153&r1=1637152&r2=1637153&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Nov  6 16:25:53 2014
@@ -52,18 +52,11 @@ PATCHES PROPOSED TO BACKPORT:
   Enable Tomcat to start when using a IBM JRE in strict SP800-131a mode
   This back-ports the fix as well as some additional changes to more closely
   align the Tomcat 6 code with the code in Tomcat 7.
-  http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v1.patch
+  http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v2.patch
   +1: markt
-  +0: kkolinko:
-       1) A problem:
-         Looking up attributes.get("protocol") in JSSESocketFactory
-         constructor won't work. It is a constructor. None attributes have
-         been set yet.
-       2) A trivial glitch:
-         In LocalStrings.properties a "jsse.excludeDefaultProtocol"
-         message is already present with the same text.
   -1:
 
+
 PATCHES/ISSUES THAT ARE STALLED:
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44312



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: svn commit: r1637153 - /tomcat/tc6.0.x/trunk/STATUS.txt

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Mark,

On 11/6/14 3:54 PM, Mark Thomas wrote:
> On 06/11/2014 20:40, Christopher Schultz wrote:
>> Mark,
>>
>> On 11/6/14 11:25 AM, markt@apache.org wrote:
>>> Author: markt
>>> Date: Thu Nov  6 16:25:53 2014
>>> New Revision: 1637153
>>>
>>> URL: http://svn.apache.org/r1637153
>>> Log:
>>> Update proposal
>>>
>>> Modified:
>>>     tomcat/tc6.0.x/trunk/STATUS.txt
>>>
>>> Modified: tomcat/tc6.0.x/trunk/STATUS.txt
>>> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1637153&r1=1637152&r2=1637153&view=diff
>>> ==============================================================================
>>> --- tomcat/tc6.0.x/trunk/STATUS.txt (original)
>>> +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Nov  6 16:25:53 2014
>>> @@ -52,18 +52,11 @@ PATCHES PROPOSED TO BACKPORT:
>>>    Enable Tomcat to start when using a IBM JRE in strict SP800-131a mode
>>>    This back-ports the fix as well as some additional changes to more closely
>>>    align the Tomcat 6 code with the code in Tomcat 7.
>>> -  http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v1.patch
>>> +  http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v2.patch
>>>    +1: markt
>>> -  +0: kkolinko:
>>> -       1) A problem:
>>> -         Looking up attributes.get("protocol") in JSSESocketFactory
>>> -         constructor won't work. It is a constructor. None attributes have
>>> -         been set yet.
>>> -       2) A trivial glitch:
>>> -         In LocalStrings.properties a "jsse.excludeDefaultProtocol"
>>> -         message is already present with the same text.
>>>    -1:
>>>  
>>> +
>>>  PATCHES/ISSUES THAT ARE STALLED:
>>>  
>>>  * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44312
>>
>> I'm not sure if a question is better placed here on the mailing list or
>> in STATUS.txt... I think more people will see it, here.
>>
>> Re: http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v2.patch
>>
>> In JSSESocketFactory, you moved the auto-detection of the default
>> protocols for an SSLServerSocket from a static initializer into the
>> constructor for JSSESocketFactory. Since the defaults are for the whole
>> JVM, why re-check the defaults for each instance of JSSESocketFactory?
> 
> Because I wanted to handle the case where those defaults depend on the
> value provided for sslProtocol used to create the SSLContext. The
> relationship between sslProtocol and sslEnabledProtocols is one that
> isn't completely clear to me but it is certainly possible the JRE
> vendors could vary the defaults for sslEnabledProtocols based on the
> sslProtocol provided. This is sort of what is happening in bug 56780.

Aah, that makes sense. I hadn't thought of that.

Thanks,
-chris

Re: svn commit: r1637153 - /tomcat/tc6.0.x/trunk/STATUS.txt

Posted by Mark Thomas <ma...@apache.org>.

On 06/11/2014 20:40, Christopher Schultz wrote:
> Mark,
> 
> On 11/6/14 11:25 AM, markt@apache.org wrote:
>> Author: markt
>> Date: Thu Nov  6 16:25:53 2014
>> New Revision: 1637153
>>
>> URL: http://svn.apache.org/r1637153
>> Log:
>> Update proposal
>>
>> Modified:
>>     tomcat/tc6.0.x/trunk/STATUS.txt
>>
>> Modified: tomcat/tc6.0.x/trunk/STATUS.txt
>> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1637153&r1=1637152&r2=1637153&view=diff
>> ==============================================================================
>> --- tomcat/tc6.0.x/trunk/STATUS.txt (original)
>> +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Nov  6 16:25:53 2014
>> @@ -52,18 +52,11 @@ PATCHES PROPOSED TO BACKPORT:
>>    Enable Tomcat to start when using a IBM JRE in strict SP800-131a mode
>>    This back-ports the fix as well as some additional changes to more closely
>>    align the Tomcat 6 code with the code in Tomcat 7.
>> -  http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v1.patch
>> +  http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v2.patch
>>    +1: markt
>> -  +0: kkolinko:
>> -       1) A problem:
>> -         Looking up attributes.get("protocol") in JSSESocketFactory
>> -         constructor won't work. It is a constructor. None attributes have
>> -         been set yet.
>> -       2) A trivial glitch:
>> -         In LocalStrings.properties a "jsse.excludeDefaultProtocol"
>> -         message is already present with the same text.
>>    -1:
>>  
>> +
>>  PATCHES/ISSUES THAT ARE STALLED:
>>  
>>  * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44312
> 
> I'm not sure if a question is better placed here on the mailing list or
> in STATUS.txt... I think more people will see it, here.
> 
> Re: http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v2.patch
> 
> In JSSESocketFactory, you moved the auto-detection of the default
> protocols for an SSLServerSocket from a static initializer into the
> constructor for JSSESocketFactory. Since the defaults are for the whole
> JVM, why re-check the defaults for each instance of JSSESocketFactory?

Because I wanted to handle the case where those defaults depend on the
value provided for sslProtocol used to create the SSLContext. The
relationship between sslProtocol and sslEnabledProtocols is one that
isn't completely clear to me but it is certainly possible the JRE
vendors could vary the defaults for sslEnabledProtocols based on the
sslProtocol provided. This is sort of what is happening in bug 56780.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: svn commit: r1637153 - /tomcat/tc6.0.x/trunk/STATUS.txt

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Mark,

On 11/6/14 11:25 AM, markt@apache.org wrote:
> Author: markt
> Date: Thu Nov  6 16:25:53 2014
> New Revision: 1637153
> 
> URL: http://svn.apache.org/r1637153
> Log:
> Update proposal
> 
> Modified:
>     tomcat/tc6.0.x/trunk/STATUS.txt
> 
> Modified: tomcat/tc6.0.x/trunk/STATUS.txt
> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1637153&r1=1637152&r2=1637153&view=diff
> ==============================================================================
> --- tomcat/tc6.0.x/trunk/STATUS.txt (original)
> +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Nov  6 16:25:53 2014
> @@ -52,18 +52,11 @@ PATCHES PROPOSED TO BACKPORT:
>    Enable Tomcat to start when using a IBM JRE in strict SP800-131a mode
>    This back-ports the fix as well as some additional changes to more closely
>    align the Tomcat 6 code with the code in Tomcat 7.
> -  http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v1.patch
> +  http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v2.patch
>    +1: markt
> -  +0: kkolinko:
> -       1) A problem:
> -         Looking up attributes.get("protocol") in JSSESocketFactory
> -         constructor won't work. It is a constructor. None attributes have
> -         been set yet.
> -       2) A trivial glitch:
> -         In LocalStrings.properties a "jsse.excludeDefaultProtocol"
> -         message is already present with the same text.
>    -1:
>  
> +
>  PATCHES/ISSUES THAT ARE STALLED:
>  
>  * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44312

I'm not sure if a question is better placed here on the mailing list or
in STATUS.txt... I think more people will see it, here.

Re: http://people.apache.org/~markt/patches/2014-11-06-bug56780-tc6-v2.patch

In JSSESocketFactory, you moved the auto-detection of the default
protocols for an SSLServerSocket from a static initializer into the
constructor for JSSESocketFactory. Since the defaults are for the whole
JVM, why re-check the defaults for each instance of JSSESocketFactory?

Thanks,
-chris