-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
I'm trying to use JMX to do things with Tomcat Connectors and ProtocolHandlers. Specifically, I'd like to re-load the keystore (really certificate) used for an HTTPs connection. I'm currently using Tomcat 8.0.30 for my testing. It looks like the ProtocolHandler is really the place where the TLS configuration is taking effect, and not the Connector, so I'm largely ignoring the Connector for now. Is that the right choice to make, here? It seems that calling the pause()/resume() or stop()/start() on the ProtocolHandler have no effect on resetting the SSLServerSockeyFactory, which is what would be required to achieve my goals (update a certificate for a running Tomcat instance). I suspect I'll have to call init(). When I do this without specifying bindOnInit=false awful things happen. First, calling init() gets me an error on stdout that the address is already in use, and then it's basically not possible to restart the ProtocolHandler after that point: it's dead as far as I can tell, because you can't call start() or resume() without getting a whole bunch of errors. Does that sound like a problem to anyone? I would think that failure to call init() would leave the ProtocolHandler in an uninitialized state, but I'm wondering if trying to RE-initialize the ProtocolHandler should be something that won't damage a previously-initialized component. When trying to script these types of connections, having a non-destructive init() might be useful. So, I set bindOnInit="false" which is documented[1] to unbind on "stop". When calling stop(), the port continues to be bound by Tomcat. Calling stop() and then start() throws a BindException. :( Destroying the ProtocolHandler also leaves the port still bound, and also (unsurprisingly) destroys the ProtocolHandler. Stopping the Connector also does not release the port. :( Calling stop() and then start() also throws a BindException. At this point, I think I'm stuck. Is there a bug here? I'm going to upgrade to 8.0.latest and repeat my tests, just in case. Thanks, - -chris [1] http://tomcat.apache.org/tomcat-8.0-doc/config/http.html -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYQKtEAAoJEBzwKT+lPKRYuIgQAJ9UP58XujGXn8K1ucxNkm4H 2Y+1x+mTHTH1Rkkm6KTRPOPOjY98yIrl+oO91m/hsHrTVQJ/QdQ8y9hIpKCv8S3i KWyi54627RiefiMc9l1p6/iYsXe5Sntysln02ADUEG4sSSnqwmL1mvsoZlIOXvLd A+50PKIAtUyG46tqLugfV1YmzUOqkAMEXzF1son6Z/RcH9Eoct8Ez5eb4U1VMoLu pIlsvrIrEdgrlbvcL0nHHaeR0FjBJprvg80mPe7YaSZiRedAohWizPfJ7kcnVyeZ 8dj9H0MO2GvJOtZCnVcy+6Mlg1WR3DYawNMRL+RKRl32prwdR3A3LkEgF4JVJc+c +KEhLFlDUhgKhv/axTz69dR7fIk7Haswed9IV5t6ZAZP1CY3fkDhMtMqb3k+NhMh UVxd8Wi2uxbRI4HtbxBmwv0Nry5khrQZuFaobOmw5ZCOuOWmdyMQbKRHa0Y0YCLZ TUiQVwP7plXOcOqnk4U8akvjyzV+I3OoFB2SZmeA/sHOj18aA2KMr+vx6phRWMTY MsJ7D4zqsTS43UqQSYEVu0jpcqD1RigaVCpSUldUdd16VvzqethXxtKYQ/OnR5Kl 0nL/MHfTw+HqGEdBXQQXasSoPNBE1fQuyZKGXOA5rzOhlygFMwmzFUzURKSDCvqz DjUn9zF29Fol4gTOKKX0 =xoqM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
