You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Martin Dubuc <ma...@gmail.com> on 2011/06/22 13:27:51 UTC

crlFile and SunX509 algorithm in Tomcat 7.0.11

I posted a request for help regarding an issue with configuration of CRL for
HTTPS connector on the users list but haven't receive any insights on the
matter. I am re-posting the message with summary information in hope that
someone on the dev list can help.

* * *

Up to Tomcat 7.0.10, I used the crlFile configuration along with the SunX509
algorithm in SSL HTTP connector configuration in server.xml. However, when I
start Tomcat 7.0.11, 7.0.14 or 7.0.16 with the same configuration, I get the
following error:

Jun 16, 2011 12:22:22 PM org.apache.coyote.
AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-bio-8443"]
java.io.IOException: CRLs not supported for type: SunX509
        at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:476)
...
Caused by: java.io.IOException: CRLs not supported for type: SunX509

        at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:476)
        at org.apache.tomcat.util.net.
jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
...

I am using JDK 6 update 26.

Has CRL support been recently removed for SunX509 algorithm? Anybody on the
dev list would know why this might have been introduced in 7.0.11?

I have seen that some code was committed in the JSSESocketFactory class in
7.0.11, but I can't see the correlation between this change and the
exception that started to be thrown in 7.0.11.

Martin