tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r1353708 - /tomcat/trunk/webapps/docs/ssl-howto.xml
Date Mon, 25 Jun 2012 19:27:53 GMT
Author: markt
Date: Mon Jun 25 19:27:52 2012
New Revision: 1353708

URL: http://svn.apache.org/viewvc?rev=1353708&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53459
Fix SSLVerifyClient option in APR SSL example and further clarify how to modify server.xml
based on the desired connector implementation.

Modified:
    tomcat/trunk/webapps/docs/ssl-howto.xml

Modified: tomcat/trunk/webapps/docs/ssl-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ssl-howto.xml?rev=1353708&r1=1353707&r2=1353708&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/ssl-howto.xml (original)
+++ tomcat/trunk/webapps/docs/ssl-howto.xml Mon Jun 25 19:27:52 2012
@@ -343,11 +343,14 @@ sources like "/dev/urandom" that will al
 <code>$CATALINA_BASE</code> represents the base directory for the
 Tomcat instance.  An example <code>&lt;Connector&gt;</code> element
 for an SSL connector is included in the default <code>server.xml</code>
-file installed with Tomcat.  For JSSE, it should look something like this:</p>
+file installed with Tomcat.  To configure an SSL connector that uses JSSE, you
+will need to remove the comments and edit it so it looks something like
+this:</p>
 <source>
 &lt;-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --&gt;
-&lt;!--
+&lt;-- Hard-coded to use the NIO protocol implementation   --&gt;
 &lt;Connector
+           protocol="org.apache.coyote.http11.Http11NioProtocol"
            port="8443" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            keystoreFile="${user.home}/.keystore" keystorePass="changeit"
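Review bot: The `&lt;!--` opener is removed from the JSSE example here, but its matching `--&gt;` closer is still present as the first unchanged line of the next hunk, so the rendered example will end with a dangling `--&gt;` after the `&lt;Connector` element. The APR example in the following hunk drops both halves of the wrapper; do the same here. The new sentence "you will need to remove the comments" also reads oddly once the example itself no longer shows the wrapper, so consider saying that the element is commented out in the default server.xml.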
@@ -355,19 +358,20 @@ file installed with Tomcat.  For JSSE, i
 --&gt;
 </source>
 <p>
-  The example above will throw an error if you have the APR and the Tomcat Native libraries
in your path,
-  as Tomcat will try to use the APR connector. The APR connector uses different attributes
for
-  SSL keys and certificates. An example of an APR configuration is:
+  The example above will throw an error if you have the APR and the Tomcat
+  Native libraries in your path, as Tomcat will try to use the APR connector.
+  The APR connector uses different attributes for many SSL settings,
+  particularly keys and certificates. An example of an APR configuration is:
 <source>
 &lt;-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --&gt;
-&lt;!--
+&lt;-- Hard-coded to use the APR protocol implementation   --&gt;
 &lt;Connector
+           protocol="org.apache.coyote.http11.Http11AprProtocol"
            port="8443" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            SSLCertificateFile="/usr/local/ssl/server.crt"
            SSLCertificateKeyFile="/usr/local/ssl/server.pem"
-           clientAuth="optional" SSLProtocol="TLSv1"/&gt;
---&gt;
+           SSLVerifyClient="optional" SSLProtocol="TLSv1"/&gt;
 </source>
 </p>
 
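Review bot: The added line `&lt;-- Hard-coded to use the APR protocol implementation   --&gt;` opens with `&lt;--` rather than `&lt;!--`, and with the comment wrapper around the example now removed, anyone pasting the rendered block into server.xml gets XML that is not well-formed. The same applies to the matching line added in the JSSE example and to the existing "Define a SSL Coyote HTTP/1.1 Connector" line above each; change all of them to `&lt;!--`. Separately, the reworded paragraph says the APR attributes differ "particularly keys and certificates", while the actual fix in this hunk is the client-verification attribute (`clientAuth` replaced by `SSLVerifyClient`); naming that pair in the sentence would keep readers from repeating the original mistake. Since the example uses `SSLVerifyClient="optional"`, a short remark on what the "optional" setting means for client certificates would also help.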


