tomcat-dev mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: [VOTE] Over-zealous svn commit to Tomcat 6.0
Date Tue, 10 Sep 2013 18:37:05 GMT
2013/9/10 Christopher Schultz <chris@christopherschultz.net>:
> All,
>
> I recently, forgetting the current RTC policy, made a commit to the
> Tomcat 6 trunk without making a proposal. Mark pointed out my mistake
> and I'm prepared to revert the patch if necessary.
>
> It is, however, a minor code patch (added a Connector configuration
> property alias) and the rest is documentation. You can find the patch
> here: http://svn.apache.org/r1521514
>
> In order to avoid a whole round of svn acrobatics (revert, propose,
> vote, re-commit), I'd like to ask the committers to vote retrospectively
> on my patch. If the vote passes (3+ binding), then I'll consider the
> proposal accepted and take no further action. If the vote fails to pass,
> I shall revert the patch and make a formal proposal.
>
> The VOTE will remain open for at least 48 hours.
>
> Patch http://svn.apache.org/r1521514 is
>
> [x] Okay, leave it committed and don't do it again

but please fix the following in documentation:

1) A typo in attribute name in changelog,
s/ sslEnableProtocols / sslEnabledProtocols /

2) Update documentation for "sslProtocol" attribute, in the same way
as it is in Tomcat 7,
to clarify its relation with sslEnabledProtocols.

It is a bit unusual that instead of documenting the two existing names
for this attribute ("sslProtocols", "protocols") we are introducing
a third one, but I am OK with this, as this matches Tomcat 7.

I have not tested this new attribute, though.
Looking at JSSESocketFactory I see how the "protocols" attribute works,
but I am not sure how it handles incorrect values.

There was a related bug report for Tomcat 7:
https://issues.apache.org/bugzilla/show_bug.cgi?id=54406

From the code it looks like JSSESocketFactory.getEnabledProtocols(...)
silently swallows incorrect values without any logging and I think
it may result in insecure configuration.

Best regards,
Konstantin Kolinko
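
The concern raised in the message above, sketched as an added example that is not part of the original e-mail and is not Tomcat's code: a filter that silently drops unsupported protocol names, beside one that rejects the configuration. The class name, the method names and the sample attribute value are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class EnabledProtocolsCheck {

    // Lenient filter: names the JSSE provider does not support are dropped
    // with no log entry, so the operator never learns the value was wrong.
    static String[] lenient(String[] requested, String[] supported) {
        Set<String> known = new LinkedHashSet<>(Arrays.asList(supported));
        List<String> enabled = new ArrayList<>();
        for (String p : requested) {
            if (known.contains(p.trim())) {
                enabled.add(p.trim());
            }
        }
        return enabled.toArray(new String[0]);
    }

    // Strict filter: any unsupported name, or an empty result, is a
    // configuration error that names the offending values.
    static String[] strict(String[] requested, String[] supported) {
        Set<String> known = new LinkedHashSet<>(Arrays.asList(supported));
        List<String> enabled = new ArrayList<>();
        List<String> rejected = new ArrayList<>();
        for (String p : requested) {
            String name = p.trim();
            (known.contains(name) ? enabled : rejected).add(name);
        }
        if (!rejected.isEmpty() || enabled.isEmpty()) {
            throw new IllegalArgumentException(
                "Unsupported protocol name(s) " + rejected + "; supported: " + known);
        }
        return enabled.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        // Constructed sample value: "TLSv1.2" mistyped with a comma, so it
        // splits into "TLSv1" and "2".
        String[] requested = "TLSv1,2".split(",");
        System.out.println("lenient: " + Arrays.toString(lenient(requested, supported)));
        try {
            strict(requested, supported);
        } catch (IllegalArgumentException e) {
            System.out.println("strict:  " + e.getMessage());
        }
    }
}
```

With the lenient filter a mistyped value can leave a different protocol set enabled than the one the administrator intended, with nothing in the logs to show it.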
