Summary: | When Tomcat was updated from version 5.5.27 to 5.5.32, SSL support for Tomcat does not work on AIX 5.3 TL-11 SP-2 | ||
---|---|---|---|
Product: | Tomcat 5 | Reporter: | Sridhar Murthy <murthys> |
Component: | Servlet & JSP API | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | murthys |
Priority: | P2 | ||
Version: | 5.5.32 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | AIX | ||
Attachments: |
Catalina Log
This server.xml works correctly for both SSL and non-SSL port for Tomcat 5.5.27 and fails to serve Tomcat on SSL port for Tomcat 5.5.32
2011-02-11_tc55_50744_JSSESocketFactory.patch
2011-02-14_tc55_50744_JSSESocketFactory.patch
2011-02-14 Binary version of the patch for 5.5.33 (unofficial) |
Description
Sridhar Murthy
2011-02-09 09:56:37 UTC
The download source for Tomcat 5.5.32 is: http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.32/bin/

The files that were downloaded are:
_1_) apache-tomcat-5.5.32-compat.tar.gz 2011-01-23 20:52 1.6M
_2_) apache-tomcat-5.5.32.tar.gz 2011-01-23 20:54 7.8M

The checksums matched and there is no corruption of any of the binaries/files.

(In reply to comment #0)
> Catalina logs have some errors and I have attached the log to this BUG report).

There is no attachment. Without seeing the actual error it is hard to help. You are going to provide some more information.

This isn't a bug report: it's a request for help. Please post to the user list before filing a bug. If this is determined to be a bug, please re-open.

Created attachment 26628 [details]
Catalina Log
I personally think that it is not a help request. We had a server.xml file working for both SSL port and Non-SSL port for Tomcat Version 5.5.27. We updated the Tomcat to Version 5.5.32 and used the same server.xml file. With that the SSL port of Tomcat stopped working. The O/S and all the other things have remained the same on the server on which Tomcat update was performed and that leads me to believe that something changed in Tomcat that caused the failure. I have uploaded the catalina log for your perusal. Kindly review the log and let me know if in fact it is a configuration issue and I need to pursue it with user group. Thank you for your help and support in this matter.

From the log:

Feb 8, 2011 8:40:32 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Feb 8, 2011 8:40:34 PM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.net.SocketException: Unbound server sockets not implemented
    at javax.net.ServerSocketFactory.createServerSocket(Unknown Source)
    at org.apache.tomcat.util.compat.Jdk14Compat.getUnboundSocket(Jdk14Compat.java:130)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:393)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:127)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:96)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
    at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1002)
(...)

Created attachment 26629 [details]
This server.xml works correctly for both SSL and non-SSL port for Tomcat 5.5.27 and fails to serve Tomcat on SSL port for Tomcat 5.5.32
Submitting the server.xml file that works correctly for both SSL and non-SSL port for Tomcat 5.5.27 and fails to serve Tomcat on SSL port for Tomcat 5.5.32.
If Tomcat 5.5.32 is working correctly then should the server.xml that I have attached work correctly (which worked as per the design on Tomcat 5.5.27)?
Hi Konstantin:

If all the configurations required for the Tomcat to start services on both SSL port (8443) and non-SSL port (8080) are put in place in server.xml and when Tomcat server is started the services on port 8443 are not started with Tomcat 5.5.32

Here is the deal:

root@svmciqa002 $ netstat -an | grep 8443
root@svmciqa002 $ netstat -an | grep 8080
tcp 0 0 *.8080 *.* LISTEN
root@svmciqa002 $

I configure Tomcat 5.5.27 and use the same server.xml that was used for 5.5.32. Guess what - both ports (8443 and 8080) are listening as per the design:

root@svmciqa002 $ netstat -an | grep 8443
tcp 0 0 *.8443 *.* LISTEN
root@svmciqa002 $ netstat -an | grep 8080
tcp 0 0 *.8080 *.* LISTEN
root@svmciqa002 $

I disagree with your argument that I have incorrect syntax with my server.xml file. If what you suspect is true, then I would not see the services on port 8443 for both Tomcat Versions (5.5.27 as well as 5.5.32).

Kindly get back to me with your thoughts on this. Thank you for your help and support in this matter.

Sri

Created attachment 26630 [details]
2011-02-11_tc55_50744_JSSESocketFactory.patch

(In reply to comment #8)
> I disagree with your argument that I have incorrect syntax with my server.xml
> file.

Whom do you disagree with? I never said the above.

The issue here is that the 1.4 JVM that you are using does not implement a feature of "unbound server sockets" that the current code uses. Looking at Jdk14Compat.java that probably stems from http://svn.apache.org/viewvc?view=revision&revision=778258 that apparently is a fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=45528 which is about 1,5 years ago.

I am attaching a patch (for the current tc5.5.x, as of 5.5.33) that will probably fix this issue.

Hi Konstantin:

Thank you very much for working on this issue, identifying the problem and also providing a patch. I will download the patch and test it out before COB today.

I missed the fact that Christopher Schultz made an update and inadvertently I assumed that you indicated that "This isn't a bug report". I apologize for my mistake.

Regards,
Sridhar

Created attachment 26651 [details]
2011-02-14_tc55_50744_JSSESocketFactory.patch
A better patch. Now it includes debug logging.
Created attachment 26652 [details]
2011-02-14 Binary version of the patch for 5.5.33 (unofficial)
Compiled classes that match the 2011-02-14_tc55_50744_JSSESocketFactory.patch patch, for Tomcat 5.5.33.
To install:
1) Install Tomcat 5.5.33
2) Unzip the archive into $CATALINA_HOME/server/classes
To enable debug logging in JSSESocketFactory, if you are using the default (JULI) logging, add the following line into $CATALINA_BASE/conf/logging.properties:
org.apache.tomcat.util.net.jsse.JSSESocketFactory.level=FINE
Note that this is an unofficial patch and it is not released by ASF. Use it at your own risk.

I will test this out next week and let you know if the issue reported is resolved. Thank you very much Konstantin for helping me with the patch.

Regards,
Sri

This has been fixed in 5.5.x and will be included in 5.5.34 onwards. |
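The failure in the stack trace above comes from the base class javax.net.ServerSocketFactory, whose no-argument createServerSocket() throws "Unbound server sockets not implemented" unless the JSSE provider overrides it. The following probe is an added example, not the patch attached to this bug and not Tomcat code; the class and method names are hypothetical, and the loopback fallback is an assumption about one way to keep an SSL connector from failing at init.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocketFactory;

public class UnboundSocketProbe {

    // Constructed stand-in for a JSSE factory that, like the 1.4 JVM in this
    // report, does not override the no-argument createServerSocket().
    static class LegacyFactory extends ServerSocketFactory {
        @Override public ServerSocket createServerSocket(int port) throws IOException {
            return new ServerSocket(port);
        }
        @Override public ServerSocket createServerSocket(int port, int backlog) throws IOException {
            return new ServerSocket(port, backlog);
        }
        @Override public ServerSocket createServerSocket(int port, int backlog, InetAddress addr)
                throws IOException {
            return new ServerSocket(port, backlog, addr);
        }
    }

    // True if the factory can create a server socket that is not yet bound.
    static boolean supportsUnbound(ServerSocketFactory factory) {
        try (ServerSocket s = factory.createServerSocket()) {
            return !s.isBound();
        } catch (IOException e) {
            // Base class throws SocketException("Unbound server sockets not implemented").
            return false;
        }
    }

    // Assumed fallback: when unbound sockets are unavailable, run start-up checks on a
    // socket bound to an ephemeral loopback port instead of aborting connector init.
    static ServerSocket socketForConfigCheck(ServerSocketFactory factory) throws IOException {
        if (supportsUnbound(factory)) {
            return factory.createServerSocket();
        }
        return factory.createServerSocket(0, 1, InetAddress.getLoopbackAddress());
    }

    public static void main(String[] args) throws IOException {
        System.out.println("JVM default SSL factory: " + supportsUnbound(SSLServerSocketFactory.getDefault()));
        ServerSocketFactory legacy = new LegacyFactory();
        System.out.println("Legacy stand-in:         " + supportsUnbound(legacy));
        try (ServerSocket s = socketForConfigCheck(legacy)) {
            System.out.println("Fallback socket bound to " + s.getLocalSocketAddress());
        }
    }
}
```

Running the probe on the target JVM before an upgrade shows whether the HTTPS connector would hit this code path; a silently missing listener on 8443 otherwise leaves only the plain HTTP port serving traffic.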