tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <billwbar...@verizon.net>
Subject Re: svn commit: r882320 - in /tomcat/trunk/java/org/apache/tomcat/util/net/jsse: JSSESocketFactory.java JSSESupport.java
Date Fri, 20 Nov 2009 03:56:29 GMT
This looks like it should work (haven't tested it yet), but hoping that 
there are people that can test on non-Sun JVMs to see if there could be 
problems.  This patch is a little heavy on knowing how the JVM implements 
things :(.

<markt@apache.org> wrote in message 
news:20091119220644.2D8F4238888E@eris.apache.org...
> Author: markt
> Date: Thu Nov 19 22:06:43 2009
> New Revision: 882320
>
> URL: http://svn.apache.org/viewvc?rev=882320&view=rev
> Log:
> Improve workaround for CVE-2009-3555
> On the plus side, it doesn't rely on an async event to close the 
> connection
> On the down side, I haven't yet found a way to log client initiated 
> handshakes before they get closed
>
> Modified:
> 
> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
>    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>
> Modified: 
> tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=882320&r1=882319&r2=882320&view=diff
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message