tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: [OT] Re: SSL configuration using PFX as keystore
Date Tue, 07 Jul 2015 13:39:56 GMT
On 30/06/2015 21:16, Mark Thomas wrote:
> This is probably off-topic now so marking as such.
> 
> On 29/06/2015 14:29, André Warnier wrote:
>> Mark Thomas wrote:
>>> On 26/06/2015 19:37, Mark Thomas wrote:
>>>> On 22/06/2015 11:56, Mark Thomas wrote:
>>>>> On 22/06/2015 09:39, Mark Thomas wrote:
>>>> <snip/>
>>>>
>>>>> Prompting for authentication in response to an untrusted certificate
is
>>>>> bizarre to say the least.

<snip/>

> Progress, if you can call it that, has not been good. They have now
> asked for additional network traces since:
> 
> <quote>
> ... to be able to understand what packets are sent by client and what
> response did Server generate for the specific packet, I would like to
> check a simultaneous trace on both communication endpoints
> </quote>
> 
> I have just sent a very long, fairly stropy reply pointing out the
> complete pointlessness of this request - not least because the
> information they claim they don't have is right in front of them in the
> form of the sequence and acknowledgement numbers in the network trace.

This continues to drag on. The stropy e-mail got the issue re-assigned
to someone with marginally more clue. They put together a test
environment (with IIS instead of Tomcat) and then attempted to
demonstrate that the issue did not occur and hence it must be a Tomcat
problem.

However, once they had configured their environment to match my original
bug report (server using cert issued by CA client doesn't trust, server
configured not to require authentication) imagine my lack of surprise
when the problem was repeated with IIS. Needless to say the other end of
the conference call went very, very quiet at that point.

The issue has now been passed to yet another support employee (I refuse
to call these people engineers) who apparently wants to discuss the
issue further. What they can possibly need to discuss at this point I
have no idea but having told them (again) how to contact me I am waiting
to hear from them.

I also discovered that - despite the conference call - the latest
support ticket update from Microsoft claimed the issue could not be
repeated with IIS.

It appears that the issue has been passed to the IIS team which makes no
sense at all since all the evidence points to this being a WebDAV client
bug and I have been making that point since this whole sorry episode
started.

While I continue to appreciate the free MSDN license Microsoft kindly
provide to Apache committers, I must confess to being completely
unimpressed by Microsoft's support structures and count myself fortunate
that I don't have to run an IT infrastructure that relies on them.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message