Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BE2B29BE6 for ; Thu, 10 Nov 2011 16:52:32 +0000 (UTC) Received: (qmail 11359 invoked by uid 500); 10 Nov 2011 16:52:32 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 11238 invoked by uid 500); 10 Nov 2011 16:52:31 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 11229 invoked by uid 99); 10 Nov 2011 16:52:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Nov 2011 16:52:31 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [76.96.27.227] (HELO qmta12.emeryville.ca.mail.comcast.net) (76.96.27.227) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Nov 2011 16:52:23 +0000 Received: from omta03.emeryville.ca.mail.comcast.net ([76.96.30.27]) by qmta12.emeryville.ca.mail.comcast.net with comcast id vUZN1h0090b6N64ACUrvCe; Thu, 10 Nov 2011 16:51:55 +0000 Received: from Christophers-MacBook-Pro.local ([208.181.48.10]) by omta03.emeryville.ca.mail.comcast.net with comcast id vUt01h0010DBW7C8PUt3XE; Thu, 10 Nov 2011 16:53:07 +0000 Message-ID: <4EBC0129.3080107@christopherschultz.net> Date: Thu, 10 Nov 2011 08:51:53 -0800 From: Christopher Schultz User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: svn commit: r1199980 - in /tomcat/trunk/java/org/apache: catalina/core/AprLifecycleListener.java catalina/core/LocalStrings.properties tomcat/jni/SSL.java References: <20111109213432.4D4F523889DE@eris.apache.org> <4EBAF96D.2080307@apache.org> <4EBAFA0E.4060908@christopherschultz.net> <4EBAFADF.2060608@apache.org> <4EBB0D14.7010509@christopherschultz.net> <4EBBDFA4.7000702@apache.org> In-Reply-To: <4EBBDFA4.7000702@apache.org> X-Enigmail-Version: 1.3.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig1B5AE4633F9ADFFDD93D24E4" --------------enig1B5AE4633F9ADFFDD93D24E4 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Mark, On 11/10/11 6:28 AM, Mark Thomas wrote: > On 09/11/2011 23:39, Konstantin Kolinko wrote: >> Maybe add explicit FIPS mode status check below the above error >> handling? Something like: >> >> if ("on".equalsIgnoreCase(FIPSMode) && !fipsModeActive) { >> fail fatally; >> } >=20 > +1 Sounds good to me. What about checking for either FIPS *or* SSL initialization failure? I suppose that the connector will bomb if SSL doesn't initialize properly. -chris --------------enig1B5AE4633F9ADFFDD93D24E4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk68ASkACgkQ9CaO5/Lv0PCdOQCgwkqVjehoLEleSRJlKCJFBaSO 1ikAoL5PszBp+4+N1iP4tIRfIdmvQYnw =Y4dt -----END PGP SIGNATURE----- --------------enig1B5AE4633F9ADFFDD93D24E4--