tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] Re: SSL configuration using PFX as keystore
Date Wed, 08 Jul 2015 13:49:12 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 7/7/15 9:39 AM, Mark Thomas wrote:
> On 30/06/2015 21:16, Mark Thomas wrote:
>> This is probably off-topic now so marking as such.
>> 
>> On 29/06/2015 14:29, André Warnier wrote:
>>> Mark Thomas wrote:
>>>> On 26/06/2015 19:37, Mark Thomas wrote:
>>>>> On 22/06/2015 11:56, Mark Thomas wrote:
>>>>>> On 22/06/2015 09:39, Mark Thomas wrote:
>>>>> <snip/>
>>>>> 
>>>>>> Prompting for authentication in response to an untrusted
>>>>>> certificate is bizarre to say the least.
> 
> <snip/>
> 
>> Progress, if you can call it that, has not been good. They have
>> now asked for additional network traces since:
>> 
>> <quote> ... to be able to understand what packets are sent by
>> client and what response did Server generate for the specific
>> packet, I would like to check a simultaneous trace on both
>> communication endpoints </quote>
>> 
>> I have just sent a very long, fairly stropy reply pointing out
>> the complete pointlessness of this request - not least because
>> the information they claim they don't have is right in front of
>> them in the form of the sequence and acknowledgement numbers in
>> the network trace.
> 
> This continues to drag on. The stropy e-mail got the issue
> re-assigned to someone with marginally more clue. They put together
> a test environment (with IIS instead of Tomcat) and then attempted
> to demonstrate that the issue did not occur and hence it must be a
> Tomcat problem.

"Our non-standard client works perfectly well with our non-standard
server. The fact that our non-standard client doesn't work with your
standards-compliant server obviously points to your software as the
problem."

Nice tautology you got there. It would be a shame if something were to
happen to it.

*sigh*

Well, if you're willing to continue to tilt at this particular
windmill, it would be a great service to the world. I'm not hopeful,
though, as WebDAV support in Microsoft Windows has degraded
consistently over the past 10 years and never improved. I don't know
why they even bother to /claim/ support for it anymore. Evidently,
nobody in the Microsoft world gives a rats posterior about WebDAV...
they all use SMB anyway.

> However, once they had configured their environment to match my
> original bug report (server using cert issued by CA client doesn't
> trust, server configured not to require authentication) imagine my
> lack of surprise when the problem was repeated with IIS. Needless
> to say the other end of the conference call went very, very quiet
> at that point.
> 
> The issue has now been passed to yet another support employee (I
> refuse to call these people engineers) who apparently wants to
> discuss the issue further. What they can possibly need to discuss
> at this point I have no idea but having told them (again) how to
> contact me I am waiting to hear from them.
> 
> I also discovered that - despite the conference call - the latest 
> support ticket update from Microsoft claimed the issue could not
> be repeated with IIS.
> 
> It appears that the issue has been passed to the IIS team which
> makes no sense at all since all the evidence points to this being a
> WebDAV client bug and I have been making that point since this
> whole sorry episode started.

The good news is that the IIS team is likely to refuse to accept
responsibility for the bug (because, by definition, IIS contains zero
bugs) and likely to pass the buck back to the WebDAV client team. If
you catch them at just the right time, you may be able to show MS how
to do their own jobs.

> While I continue to appreciate the free MSDN license Microsoft
> kindly provide to Apache committers, I must confess to being
> completely unimpressed by Microsoft's support structures and count
> myself fortunate that I don't have to run an IT infrastructure that
> relies on them.

+1

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVnSpYAAoJEBzwKT+lPKRYCDkP/2KJK6mjA0rCQ8m/cT+3iPTe
bDyXDNTs4g2aycCdKReW9MtcGwy0Qf2M5YEv6+f5EzKjDeMuR5KZU2kieqFf0nh2
DOft4iCLFdbynqyXHPq0fEpbg0dGJjAr9sB+ifA/0t+2v7iXB2bxvfu/2MZrhHYl
I9L2zGrrq3JcuXrEMINm5PZJDkHwHf1lWrXTk/P/2hCw7mHFVj9qraPE3bfQULVZ
XviuW4l7TfbIfqu5B8w42/VYayOC3l9rh4eW59Eea44bikj44c9q2OuB94JNXYy8
mvSS2oyOX0pe2JtjrAt0XFHL7fuz4C4bbZeEremdYrLclbVlC20PuKvxeuvuEfXn
jE71qIuP+4vPD5+VlUuyIkW04r73CqeaEYGQPatrBCA+J702B05IsND3JF7ZHrdq
/Ms7PugZurLJD99/UJMCvFCDnPiuL4jWMDo1NLDq5BOCXHtdN2KeDYG0zTJhh2Dk
nH1y/sdJ8B3Uaya8heK7b+oxR2LS77vfmTyYRD9KMIgFDeMay1hPOvy9nAot2PEw
CJkfd1YVVl+0Ym9mqKq4wybTguSXfA4DrC98H3BskuWhtB3Ev79bUCPsHxa8je1k
FcN3+KaslxAk3UcxvgsXTagRIGo3S7Wnk8X2LOqrAmB0m9A8kMZuT3lHiCyhyPxG
GhatQDMYanSiOd3NJNTc
=+Gqo
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message