Return-Path: 
 <users-return-225112-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3ACF56182
	for <apmail-tomcat-users-archive@www.apache.org>;
 Fri,  3 Jun 2011 13:50:54 +0000 (UTC)
Received: (qmail 92225 invoked by uid 500); 3 Jun 2011 13:50:50 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 92181 invoked by uid 500); 3 Jun 2011 13:50:50 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 92172 invoked by uid 99); 3 Jun 2011 13:50:50 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Jun 2011 13:50:50 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=FREEMAIL_FROM,HTML_IMAGE_ONLY_32,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of ivolation@gmail.com
 designates 74.125.82.43 as permitted sender)
Received: from [74.125.82.43] (HELO mail-ww0-f43.google.com) (74.125.82.43)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Jun 2011 13:50:43 +0000
Received: by wwb17 with SMTP id 17so1582121wwb.0
        for <users@tomcat.apache.org>; Fri, 03 Jun 2011 06:50:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:message-id:date:from:user-agent:mime-version:to
         :subject:content-type;
        bh=qvktMisCmm3tTek1UK/NfCrqBMeaX4rgYUuKavxjIGQ=;
        b=wLeKmgVTdADiGxYzMAX1/9nlOg4onFR4tE3IVQygjKQTF9oiYUuKGAeX8G6X8iHR6x
         RuIsVoN2aeUSOwlMdq1f7pM1f72VUN2z8hargkr1g3IsDY9t0JCmHIflcUGO/+xCddjH
         VYi11ItyEvbONFURw1bc0tcHBKvCQK+qm8W+w=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject
         :content-type;
        b=l/H82xf7y9h9xURz2hKSjxl7/69ECtzPiT1z1HiyJpFrZqN0p4Fl5bNC/TehM+QOox
         xMgWTYh/5rpryRKIvaS7Ig0dexMmQ/jo3Z+8YqQ1GFqUivL7xG7gTXXX3e12vI79MoPs
         WIeU7uR8a2DtbLm4svRhTe4WjRoC5lELIlxAI=
Received: by 10.227.128.203 with SMTP id l11mr1997304wbs.79.1307109020254;
        Fri, 03 Jun 2011 06:50:20 -0700 (PDT)
Received: from [172.31.120.73] ([212.58.232.179])
        by mx.google.com with ESMTPS id et5sm1060343wbb.33.2011.06.03.06.50.18
        (version=SSLv3 cipher=OTHER);
        Fri, 03 Jun 2011 06:50:19 -0700 (PDT)
Message-ID: <4DE8E699.1080800@gmail.com>
Date: Fri, 03 Jun 2011 14:50:17 +0100
From: Ivo Kammerath <ivolation@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
 rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Inconsistency in user documentation
Content-Type: multipart/alternative;
 boundary="------------030302040202000202020904"

--------------030302040202000202020904
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

When going through the SSL docs to use APR for native OpenSSL I found an 
inconsistency in the docs. However I couldn't quite find how to change 
it as http://tomcat.apache.org/getinvolved.html  only states 
/"Contribute other documentation patches, either for the website or for 
the Apache Tomcat user documentation."/ without providing links on how 
to do so.  So I thought I post it here, such that you can point me in 
the right direction.

in 
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File 
it suggests that a correct connector in the server.xml should look like:

<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
            port="8443" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            SSLCertificateFile="/usr/local/ssl/server.crt"
            SSLCertificateKeyFile="/usr/local/ssl/server.pem"
            clientAuth="optional" SSLProtocol="TLSv1"/>
-->

this however didn't work and resulted in:

WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clientAuth' to 'true' did not find a matching property.

An actual working config can be found in 
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS . I propose 
copying the example section:

<Connector port="443" maxHttpHeaderSize="8192"
                maxThreads="150"
                enableLookups="false" disableUploadTimeout="true"
                acceptCount="100" scheme="https" secure="true"
                SSLEnabled="true"
                SSLCertificateFile="${catalina.base}/conf/localhost.crt"
                SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />

To replace the, what I believe to be false, example in the ssl-howto. In 
addition I would like to provide a link to the apr https guide right there.

Is this something I can do myself, If yes how can I do this? Is there 
some kind of content management behind the general web pages or is this 
simply static content? Am I even allowed to make this change myself?

many thanks in advance
Ivo





--------------030302040202000202020904
Content-Type: multipart/related;
 boundary="------------020803070006000301090302"


--------------020803070006000301090302
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body text="#000000" bgcolor="#ffffff">
    Hello,<br>
    <br>
    When going through the SSL docs to use APR for native OpenSSL I
    found an inconsistency in the docs. However I couldn't quite find
    how to change it as <a class="moz-txt-link-freetext" href="http://tomcat.apache.org/getinvolved.html">http://tomcat.apache.org/getinvolved.html</a>&nbsp; only
    states <i>"Contribute other documentation patches, either for the
      website or for the Apache Tomcat user documentation."</i> without
    providing links on how to do so.&nbsp; So I thought I post it here, such
    that you can point me in the right direction.<br>
    <br>
    in
    <a class="moz-txt-link-freetext" href="http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File">http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File</a>
    it suggests that a correct connector in the server.xml should look
    like:<br>
    <img alt="" src="cid:part1.07020709.08070803@gmail.com" vspace="0"
      width="1" border="0" height="1" hspace="0">
    <pre>&lt;-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --&gt;
&lt;!--
&lt;Connector 
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt" 
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           clientAuth="optional" SSLProtocol="TLSv1"/&gt;
--&gt;

</pre>
    this however didn't work and resulted in:<br>
    <pre>WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clientAuth' to '<span class="code-keyword">true</span>' did not find a matching property.
</pre>
    An actual working config can be found in
    <a class="moz-txt-link-freetext" href="http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS">http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS</a> . I propose
    copying the example section:<br>
    <pre>&lt;Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" 
               SSLCertificateFile="${catalina.base}/conf/localhost.crt"
               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" /&gt;

</pre>
    To replace the, what I believe to be false, example in the
    ssl-howto. In addition I would like to provide a link to the apr
    https guide right there.<br>
    <br>
    Is this something I can do myself, If yes how can I do this? Is
    there some kind of content management behind the general web pages
    or is this simply static content? Am I even allowed to make this
    change myself?<br>
    <br>
    many thanks in advance<br>
    Ivo<br>
    <br>
    <br>
    <br>
    <br>
  </body>
</html>

--------------020803070006000301090302
Content-Type: image/gif;
 name="void.gif"
Content-Transfer-Encoding: base64
Content-ID: <part1.07020709.08070803@gmail.com>
Content-Disposition: inline;
 filename="void.gif"

R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==
--------------020803070006000301090302--

--------------030302040202000202020904--