tomcat-dev mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: svn commit: r1353709 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/changelog.xml webapps/docs/ssl-howto.xml
Date Tue, 26 Jun 2012 16:56:59 GMT
2012/6/25  <markt@apache.org>:
> Author: markt
> Date: Mon Jun 25 19:29:44 2012
> New Revision: 1353709
>
> URL: http://svn.apache.org/viewvc?rev=1353709&view=rev
> Log:
> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53459
> Fix SSLVerifyClient option in APR SSL example and further clarify how to modify server.xml based on the desired connector implementation.
>
> Modified:
>    tomcat/tc7.0.x/trunk/   (props changed)
>    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
>    tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml
>
> Propchange: tomcat/tc7.0.x/trunk/
> ------------------------------------------------------------------------------
>  Merged /tomcat/trunk:r1353708
>

> Modified: tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml
> URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml?rev=1353709&r1=1353708&r2=1353709&view=diff
> ==============================================================================
> --- tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml (original)
> +++ tomcat/tc7.0.x/trunk/webapps/docs/ssl-howto.xml Mon Jun 25 19:29:44 2012
> @@ -343,11 +343,14 @@ sources like "/dev/urandom" that will al
>  <code>$CATALINA_BASE</code> represents the base directory for the
>  Tomcat instance.  An example <code>&lt;Connector&gt;</code> element
>  for an SSL connector is included in the default <code>server.xml</code>
> -file installed with Tomcat.  For JSSE, it should look something like this:</p>
> +file installed with Tomcat.  To configure an SSL connector that uses JSSE, you
> +will need to remove the comments and edit it so it looks something like
> +this:</p>
>  <source>
>  &lt;-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --&gt;
> -&lt;!--
> +&lt;-- Hard-coded to use the NIO protocol implementation   --&gt;
>  &lt;Connector
> +           protocol="org.apache.coyote.http11.Http11NioProtocol"
>            port="8443" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="${user.home}/.keystore" keystorePass="changeit"
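
Review bot: The `&lt;!--` removed ahead of `&lt;Connector` has no matching removal of the closing `--&gt;`, which is still present as unchanged context at the top of the next hunk, just before `</source>`. The JSSE example therefore ends with a stray comment terminator after the connector element. Drop that `--&gt;` line too, as the APR example does, where both the opening and the closing marker are removed.
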
> @@ -355,19 +358,20 @@ file installed with Tomcat.  For JSSE, i
>  --&gt;
>  </source>
>  <p>
> -  The example above will throw an error if you have the APR and the Tomcat Native libraries
in your path,
> -  as Tomcat will try to use the APR connector. The APR connector uses different attributes
for
> -  SSL keys and certificates. An example of an APR configuration is:
> +  The example above will throw an error if you have the APR and the Tomcat
> +  Native libraries in your path, as Tomcat will try to use the APR connector.

The above comment is misplaced. The above example now explicitly uses
the NIO connector. The APR one is used by the example below.

> +  The APR connector uses different attributes for many SSL settings,
> +  particularly keys and certificates. An example of an APR configuration is:
>  <source>
>  &lt;-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --&gt;
> -&lt;!--
> +&lt;-- Hard-coded to use the APR protocol implementation   --&gt;
>  &lt;Connector
> +           protocol="org.apache.coyote.http11.Http11AprProtocol"
>            port="8443" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            SSLCertificateFile="/usr/local/ssl/server.crt"
>            SSLCertificateKeyFile="/usr/local/ssl/server.pem"
> -           clientAuth="optional" SSLProtocol="TLSv1"/&gt;
> ---&gt;
> +           SSLVerifyClient="optional" SSLProtocol="TLSv1"/&gt;
>  </source>
>  </p>
>
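
Review bot: The added comment line `&lt;-- Hard-coded to use the APR protocol implementation   --&gt;` opens with `&lt;--` rather than `&lt;!--`, so it renders as `<-- ... -->`, which is not a valid XML comment if a reader copies the example into server.xml. The same applies to the comment line added in the JSSE example and to the existing "Define a SSL Coyote HTTP/1.1 Connector" lines above both connectors. Suggest `&lt;!-- ... --&gt;` on all of them so the examples can be pasted as shown.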

Best regards,
Konstantin Kolinko
