tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wolfgang Hoschek <wolfgang.hosc...@cern.ch>
Subject Re: New SSL HOWTOs
Date Fri, 24 Aug 2001 07:53:50 GMT
At 17:28 23/8/01 -0600, Christopher Cain wrote:

>Wolfgang Hoschek wrote:
> >
> > Sorry, I am posting to tomcat-dev although not subscribed...
> >
> > Two suggestions:
> >
> > - Perhaps it is a good idea to also describe in the SSL HOWTO ways to
> > configure SSL without stuffing libs into jre/lib/ext. Some sites run
> > multiple versions/vendors of jdks, TC, JSSE, et al from (secure) read-only
> > shared file systems. In such an environment products and versions are
> > delibarately kept separate from each other in order to avoid having to
> > maintain countless permutations. Startup scripts "link" everything together
> > via env vars. This is also convenient to test different permutations. The
> > jre/lib/ext mechanism is not an option, due too the read-only nature.
>
>Hmmm ... that's interesting. It's true that the JSSE libs don't
>necessarily have to be an installed extension, and it's easy enough to
>include a quick phrase about the classpath instead. I'm reluctant to
>encourage users to put them into the internal Tomcat classloader
>directories, since that is a rather sketchy configuration (someone will
>eventually add JSSE to the classpath as well, which will cause Tomcat to
>fail on startup unless the internal versions are removed).
>
>So in your environment, it sounds like you would be simply specifying
>the JSSE jars in classpath passed to TC, yes?

Exactly.


Mime
View raw message