Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C8580200C23 for ; Wed, 22 Feb 2017 18:47:43 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id C6E71160B62; Wed, 22 Feb 2017 17:47:43 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 162D0160B49 for ; Wed, 22 Feb 2017 18:47:42 +0100 (CET) Received: (qmail 12853 invoked by uid 500); 22 Feb 2017 17:47:42 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 12842 invoked by uid 99); 22 Feb 2017 17:47:42 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Feb 2017 17:47:42 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id A732AC1471 for ; Wed, 22 Feb 2017 17:47:41 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-2.999, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id d-TP8QTTUuss for ; Wed, 22 Feb 2017 17:47:39 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 2CF5B5F1B8 for ; Wed, 22 Feb 2017 17:47:39 +0000 (UTC) Received: from asf-bz1-us-mid.priv.apache.org (nat1-us-mid.apache.org [23.253.172.122]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTPS id 98349E012B for ; Wed, 22 Feb 2017 17:47:35 +0000 (UTC) Received: by asf-bz1-us-mid.priv.apache.org (ASF Mail Server at asf-bz1-us-mid.priv.apache.org, from userid 33) id B402161015; Wed, 22 Feb 2017 17:47:34 +0000 (UTC) From: bugzilla@apache.org To: dev@tomcat.apache.org Subject: [Bug 60762] Enhancement: Add support for runtime SNI changes in tomcat-embed Date: Wed, 22 Feb 2017 17:47:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Tomcat 8 X-Bugzilla-Component: Connectors X-Bugzilla-Version: 8.5.x-trunk X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: jesse@dreamtsoft.com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: dev@tomcat.apache.org X-Bugzilla-Target-Milestone: ---- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bz.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 archived-at: Wed, 22 Feb 2017 17:47:44 -0000 https://bz.apache.org/bugzilla/show_bug.cgi?id=3D60762 --- Comment #2 from Jesse --- In version 8.5.9 that we are running it looks like that method calls putIfAbsent against the sslHostConfigs map, throwing an IllegalArgumentException if there is a duplicate SSLHostConfig object for t= he given key/hostname. From what I can tell there is no existing public metho= d in 8.5.9 to modify an existing SSLHostConfig once loaded, additionally the met= hods to do so properly with regard to ssl context release/create are protected.= =20 Please correct me if my understanding of this is wrong. Also, in the case where an SSL certificate or SSLHostConfig object needs to= be removed for any reason, this method would not suffice with either behavior. When you say that the new SSLHostConfig has no effect without bouncing the whole connector, is this in a newer tomcat version? Or do you refer to the newly created SSLHostConfig object that we are creating and putting in the sslHostConfigs map? In the latter case we definitely are seeing the newly created SSLHostConfig object taking effect and new requests to it's hostname are being served the corresponding certificate. --=20 You are receiving this mail because: You are the assignee for the bug.= --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org