tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From BugRat Mail System <>
Subject BugRat Report #404 has been filed.
Date Fri, 17 Nov 2000 12:08:18 GMT
Bug report #404 has just been filed.

You can view the report at the following URL:


REPORT #404 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: medium
Severity: serious
Confidence: public
   Release: 3.2 b7
   JVM Release: 1.3
   Operating System: Win32
   OS Release: Windows 2000 SP1
   Platform: x86

addSecureEndpoint in EmbededTomcat does not work.

When I looked at the code I saw that the parameters keyFile and keyPass were not being used
at all.  This probably means that addSecureEndpoint ALWAYS uses the default values of "{user.home}/.keystore"
and "changeit".  This is VERY bad since developers might not notice this until too late (if
they have the keystore file set up like described in server.xml to begin with and then change
it later on to use a specified keystore and password, then they start using EmbededTomcat...
the may not notice that it's using the wrong keystore... I know... far fetched... but still).

Another problem with addSecureEndpoint was that it didn't support client authentication. 
This is simply due to the fact that EmbededTomcat was developed prior to client authentication
support in Tomcat.

View raw message