tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Downey <steve.dow...@netfolio.com>
Subject RE: DO NOT REPLY [Bug 4545] New: - Webapp connector seg faults u nder an SSL connection
Date Fri, 02 Nov 2001 17:06:39 GMT
> -----Original Message-----
> From: GOMEZ Henri [mailto:hgomez@slib.fr]
> Sent: Friday, November 02, 2001 9:29 AM
> To: Tomcat Developers List
> Cc: jfrederic.clere@NS2.FJCOMP.com
> Subject: RE: DO NOT REPLY [Bug 4545] New: - Webapp connector 
> seg faults
> u nder an SSL connection
> 
> 
> >> Environment is httpd 1.3.22, built with mod_ssl 2.8.5. The 
> >only changes to
> >> httpd.conf were to make the WebApp connection and 
> >WebAppDeploy of examples.
> >> 
> >> It looks like it's seg faulting on trying to get the ssl 
> key size in
> >> mod_webapp.c, at rec->ssld->size = atoi(ssl_tmp). I suspect that
> >> SSL_CIPHER_USEKEYSIZE isn't in the environment, which is 
> >where ssl_temp has
> >> just been read from.
> >
> >I will have a look to it... Has it is my bad...
> 
> Normal, you need to have the SSLVars exported by mod_ssl.
> 
> From :
> http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html
> 
> When using mod_jk with Apache & mod_ssl, it is essential to specify 
> "SSLOptions +StdEnvVars +ExportCertData" in the httpd.conf file. 
> 
> Otherwise, mod_ssl will not produce the neccessary 
> environment variables for
> mod_jk. 
> from (Tilo Christ <tilo.christ@med.siemens.de>). 
> 

Requiring StdEnvVars is NOT a good thing, though. It adds a fair bit of
overhead to the SSL connection, which is why it was made an option. Most
httpd.confs will only turn it on for cgi and shtml. Tomcat wants it turned
on for everything.

For Apache 2.0, it should be possible to avoid this all. With mod_ssl a
standard component, it should be possible to use ap_table_get for
everything. Any other ssl implementation should support the same interface. 

<><><><><><><><><><><><><><><><><><><><><>This
electronic mail transmission
may contain confidential information and is intended only for the person(s)
named.  Any use, copying or disclosure by any other person is strictly
prohibited.  If you have received this transmission in error, please notify
the sender via e-mail. <><><><><><><><><><><><><><><><><><><><><>

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message