tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51343] New: Inconsistency in ssl-howto apr example configuration
Date Wed, 08 Jun 2011 17:48:14 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51343

             Bug #: 51343
           Summary: Inconsistency in ssl-howto apr example configuration
           Product: Tomcat 7
           Version: trunk
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Documentation
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: ivolation@gmail.com
    Classification: Unclassified


Same as in Bug 51342

I checked the same config examples (docs/ssl-howto.xml, apr.xml) and saw the
same issue.

----
When going through the SSL docs to use APR for native OpenSSL I found an
inconsistency in the docs.

In
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File
it suggests that a correct connector in the server.xml should look like:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector 
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt" 
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           clientAuth="optional" SSLProtocol="TLSv1"/>
-->

This, however, didn't work and resulted in:

WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'clientAuth' to 'true' did not find a matching property.

An actual working config can be found in
http://tomcat.apache.org/tomcat-7.0-doc/apr.html#HTTPS . I propose copying the
example section:

<Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" 
               SSLCertificateFile="${catalina.base}/conf/localhost.crt"
               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />

To replace the, what I believe to be false, example in the ssl-howto.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
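
An added example, not part of the original bug report or of Tomcat's own code: a small Python check that scans a server.xml for Connectors combining APR certificate attributes with JSSE-only attributes such as clientAuth, which the warning in the report shows being dropped, so the intended client-certificate setting is not applied. The attribute mapping beyond clientAuth, the function name lint_connectors and the Server/Service wrapper are assumptions; the two Connector elements are the ones quoted in the report.

```python
import xml.etree.ElementTree as ET

# JSSE-only Connector attributes -> APR attribute that replaces each.
# Assumed, non-exhaustive mapping; only clientAuth appears in the report.
JSSE_TO_APR = {
    "clientAuth": "SSLVerifyClient",
    "keystoreFile": "SSLCertificateFile / SSLCertificateKeyFile",
    "keystorePass": "SSLPassword",
    "truststoreFile": "SSLCACertificateFile",
    "sslProtocol": "SSLProtocol",
    "ciphers": "SSLCipherSuite",
}
# Heuristic (assumption): a Connector naming these files is meant for APR.
APR_MARKERS = ("SSLCertificateFile", "SSLCertificateKeyFile")

def lint_connectors(server_xml):
    """Return sorted (port, ignored_attr, apr_replacement) tuples for TLS
    Connectors that mix APR certificate attributes with JSSE-only ones."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        if not any(m in conn.attrib for m in APR_MARKERS):
            continue
        for attr in conn.attrib:
            if attr in JSSE_TO_APR:
                findings.append((conn.get("port"), attr, JSSE_TO_APR[attr]))
    return sorted(findings)

# The two Connectors quoted in the report; the Server/Service wrapper is
# constructed so the fragment parses as one document.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             SSLCertificateFile="/usr/local/ssl/server.crt"
             SSLCertificateKeyFile="/usr/local/ssl/server.pem"
             clientAuth="optional" SSLProtocol="TLSv1"/>
  <Connector port="443" maxHttpHeaderSize="8192"
             maxThreads="150"
             enableLookups="false" disableUploadTimeout="true"
             acceptCount="100" scheme="https" secure="true"
             SSLEnabled="true"
             SSLCertificateFile="${catalina.base}/conf/localhost.crt"
             SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
</Service></Server>"""

if __name__ == "__main__":
    for port, attr, repl in lint_connectors(SAMPLE):
        print(f"Connector port {port}: '{attr}' is not an APR property; use {repl}")
```

Whether a Connector really runs on APR also depends on its protocol setting and on the native library being loaded, so treat a finding as a prompt to check the startup log for the SetAllPropertiesRule warning.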
