It seems like the logic implemented for NONE as certificateKeystoreFile
deviates from the documentation. Currently NONE is always interpreted as
a file path, even for PKCS11. Looks like the comparison with NONE should
be inside the parentheses for the negation? A workaround is to use ""
instead of
In tomcat/webapps/docs/config/http.xml, it seems like the valid values for
the type attribute of the Certificate element should include DSA instead
of DSS, to match the enum used in the code?
https://github.com/apache/tomcat/blob/main/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java#L
On Wed, Jul 21, 2021, at 16:35, Mark Thomas wrote:
> I'm reluctant to remove the Expires header from the the
> securePagesWithPragma branch because that branch is for older HTTP/1.0
> proxies and I'm not confident that it isn't required for some proxies.
> I'm not confident it is required either
On Tue, Jul 20, 2021, at 10:04, Mark Thomas wrote:
> Cache headers have been somewhat of a moving target with different
> browsers behaving in different ways at different times over the years.
>
> I wanted to review the current state of things before forming an opinion
> on this suggestion. I fo
Hi!
I can understand the motivation for adding a Cache-Control header for
CONFIDENTIAL transport guarantees, as discussed in
http://tomcat.10.x6.nabble.com/tomcat-8-0-jre8-user-data-constraint-CONFIDENTIAL-user-data-constraint-adds-Cache-Control-private-tp5077170p5077201.html
But if the transport
