Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/11/09 23:15:39 UTC
svn commit: r1033266 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt
Date: Tue Nov 9 22:15:39 2010
New Revision: 1033266
URL: http://svn.apache.org/viewvc?rev=1033266&view=rev
Log:
Withdraw my patch, vote for Konstantin's
jfclere's concerns are addressed by the patch (keystorePass will be used if present)
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1033266&r1=1033265&r2=1033266&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Nov 9 22:15:39 2010
@@ -48,27 +48,8 @@ PATCHES PROPOSED TO BACKPORT:
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48545
Truststores don't have to have passwords
Based on a patch by 'smmwpf54'
- https://issues.apache.org/bugzilla/attachment.cgi?id=25848
- +1: markt
- +1: kkolinko: OK with this one, but I am proposing a slightly corrected version below.
- -1:
- Comments on previous patch
- jfclere: Doc says it should use keystorePass (http://tomcat.apache.org/tomcat-6.0-doc/config/http.html).
- so that would break existing configurations.
- markt: It shouldn't break existing configs. JSSE allows trust stores to be
- read without providing the password
- kkolinko: 1. My understanding of KeyStore.load(stream,pwd) doc is that when the
- password is not needed to open a store, it is used to verify its integrity.
- So, this patch changes behaviour: skips the verification.
- 2. Note, that the password might be provided by overriding the
- getKeystorePassword() method. There is no way to provide such password
- for the truststore in the new code.
- 3. I would be fine if this new behaviour in TC6 were triggered by some
- system property, but defaults to the old behaviour.
-
- Updated patch:
https://issues.apache.org/bugzilla/attachment.cgi?id=26268
- +1: kkolinko
+ +1: kkolinko, markt
-1:
* Configure Tomcat to use HttpOnly for session cookies by default
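Review bot: Removing the whole "Comments on previous patch" block leaves the 48545 entry with only the attachment 26268 link and the votes, so a later voter cannot tell from STATUS.txt how the updated patch answers the objections that were raised. The log message says keystorePass will be used if present, which covers jfclere's point, but kkolinko's points 1 and 2 (the password passed to KeyStore.load(stream,pwd) being used to verify the store's integrity, and the password supplied by overriding getKeystorePassword()) are dropped with no statement of whether the updated patch handles them. Consider keeping one short line under the attachment URL, for example "Uses keystorePass for the truststore if present", and noting whether integrity verification still happens when a password is available.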