tomcat-dev mailing list archives

Subject: [PATCH] Tomcat 5.X connectors SSL Accelerator proxy support
Date: Sun, 03 Apr 2005 06:26:33 GMT

Dev Team,

Attached is a patch to address the Tomcat 5.X inability to specify a
secure proxy without an SSL connection. The goal is to specify
secure="true", scheme="https", proxyPort="443", and
proxyName="" on a plain HTTP Connector in
server.xml. I am not sure if this is the best (or even acceptable)
solution, but it is the simplest I could come up with while not changing
the documented Tomcat 5.X Connector attributes. The configuration above
used to work with Tomcat 4.1, because the SSL support was never enabled
unless the <Factory/> tag was specified within the Connector

The approach here for Tomcat 5.X is to ignore the secure
attribute/property configuration in the underlying Http11Protocol instance
if the Connector is configured with either a proxyPort or proxyName and
there are no other explicit SSL configuration attributes specified. The
logic behind this choice is that use of an SSL Accelerator will imply a
proxied port and/or host and will not specify any SSL related options.
Furthermore, in the event a proxied SSL Connection was desired after all,
it will almost always require at least some keystore access configuration.
One possible variation might be to only ignore the secure configuration if
the proxyName is set; this might be preferable if simple port forwarding
on the host server is more prevalent than the use of SSL Accelerators,
(albeit potentially more confusing).

The patch is limited to the jakarta-tomcat-connectors module and should be
compatible with Tomcat 4.1 and Tomcat 5.X versions. It has been tested
only against Tomcat 5.0.30 so far. If someone on the Dev Team indicates that
this patch is acceptable, I can certainly proceed with Tomcat 4.1 and
Tomcat 5.5 testing... I just would like a sanity check first if at all

Note: I believe that the minor patch to o/a/coyote/ has
already been performed against the Tomcat 5.5 main trunk by Remy, but was
missing on the Tomcat 5.0 branch.

Thanks for your consideration in advance,

Randy Watler
Finali-Convergys Corporation
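
The decision rule described in the message above, written out in Java as an added example; it is not the attached patch and not Tomcat code. The class and method names, the list of SSL attributes (taken from the Tomcat 5.0 Connector documentation, since the message does not enumerate them), and the sample connectors are assumptions. The `proxyNameOnly` flag models the variation the message mentions.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration; AcceleratorHeuristic and its methods are hypothetical names.
public class AcceleratorHeuristic {

    // Assumption: attributes treated as "explicit SSL configuration".
    static final List<String> SSL_ATTRS = Arrays.asList(
        "keystoreFile", "keystorePass", "keystoreType",
        "sslProtocol", "ciphers", "clientAuth", "algorithm");

    static boolean isSet(Map<String, String> c, String name) {
        String v = c.get(name);
        return v != null && !v.trim().isEmpty();
    }

    /** True when the connector itself should open an SSL server socket. */
    static boolean protocolUsesSsl(Map<String, String> c, boolean proxyNameOnly) {
        if (!"true".equalsIgnoreCase(c.get("secure"))) return false;
        boolean proxied = isSet(c, "proxyName")
            || (!proxyNameOnly && isSet(c, "proxyPort"));
        boolean explicitSsl = SSL_ATTRS.stream().anyMatch(a -> isSet(c, a));
        // Proxied with no SSL settings: "secure" only labels the requests,
        // the socket stays plain HTTP behind the accelerator.
        return !proxied || explicitSsl;
    }

    static Map<String, String> connector(String... kv) {
        Map<String, String> m = new LinkedHashMap<>();
        for (int i = 0; i + 1 < kv.length; i += 2) m.put(kv[i], kv[i + 1]);
        return m;
    }

    public static void main(String[] args) {
        // Constructed sample connectors; www.example.com is a placeholder host.
        Map<String, String> accel = connector("port", "8080", "secure", "true",
            "scheme", "https", "proxyPort", "443", "proxyName", "www.example.com");
        Map<String, String> direct = connector("port", "8443", "secure", "true",
            "scheme", "https", "keystoreFile", "conf/keystore");
        Map<String, String> forwarded = connector("port", "8443", "secure", "true",
            "scheme", "https", "proxyPort", "443");
        System.out.println("accelerator: " + protocolUsesSsl(accel, false));
        System.out.println("direct SSL: " + protocolUsesSsl(direct, false));
        System.out.println("port forward, either attr: " + protocolUsesSsl(forwarded, false));
        System.out.println("port forward, proxyName only: " + protocolUsesSsl(forwarded, true));
    }
}
```

The third sample is the port-forwarding case the message raises: with the "either attribute" rule it loses its SSL socket, while the proxyName-only variation keeps it.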
