-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Konstantin,
On 12/4/19 13:33, Konstantin Kolinko wrote: > ср, 4 дек. 2019 г. в 20:28, Christopher Schultz > <ch...@christopherschultz.net>: >> >> All, >> >> I feel like I should be able to figure this out on my own, but >> I'm drawing a blank. >> >> I'm trying to upgrade from Apache Tomcat 8.0.35 to Apache Tomcat >> 8.5.35 and I'm getting errors on a certain portion of the >> conf/server.xml configuration. >> >> I copy have a perfect copy/paste of the config file here but >> basically this is configuring a keystore for TLS. Something like >> this: >> >> <Connector [...] keystoreFile="E:\path\to\keystore.jks" [...] /> >> >> The error is "unknown protocol: e". Clearly, >> Tomcat/Java/URL/whatever thinks that "E:" is a protocol. No >> problem... this has to be a file URL, so let's make it a file >> URL: [...] > > Chris, > > 1) Do know where that message is produced? (Stacktrace? What > version of Tomcat?) > > E.g. it may be that the code has several attempts to use the value > a) as file path, b) as URL, and you only see the message from the > second attempt b), but it is a) that fails. I can get all that. I don't have access ATM. This was definitely being called through createSSLContext() and getStore() while loading the keystore. I'll write back when I have that exact info. > Is your keystoreFile path correct? Yes, if you ignore the fact that I cannot figure out how to "spell" it properly :) This works without error on the same Java version but using Tomcat 8.0.3 5. > 2) Why the settings are specified on a <Connector>. They will be > translated into <SSLHostConfig>/<Certificate> on the fly, but > maybe something is broken. > > http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_- _Certificate > > It says that certificateKeystoreFile can be an URI. We wanted to try Tomcat 8.5 with a (nominally) 8.0-compatible configuration. This was a first-effort test and I was thrown by the "unknown protocol" error. > 3) Does you connector use JSSE or OpenSSL? JSSE > There is some code that translates between the two configuration > flavors on the fly, but maybe something is broken. > >> I'm using Oracle Java 1.8.0 build 161. > > FYI, an up-to-date version of Java 8 for Windows is available from > AdoptOpenJDK. https://adoptopenjdk.net/ > > It is 8u232 now. Understood. I've been told that upgrading Java is a possibility but I wanted to see if I could fix this via configuration, first. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3oCy4ACgkQHPApP6U8 pFipwg//dtvDR5Q/ZqoAKoIqJdXKBGnmbqz1rQaq9iiHe3/5PVHE6zseiN+ja4BK 1tUWY1HNgYmTU4kbhtaEHAL8dbbguHGN/g14LIf/hGqXD6A5Srl/ab+/F6rmdY8v RIgKy3pVx0fputw64cRISg3IzcsV4+eHTdQ2a7B1o6lvwU6fQCrji7Gjf+ZI3Aio c7laygyfm7WYtBOBkFnb9sjxGH7GydWacXUNnzqcPzi5WfZY2J+N29KHCSfX2OKW 2A2t+I6jBmhLIoMJc9BO5oMC9TzGKwJRwR+gccwxwPUY7z5s0wkHDB56rVWPzkQp iB1JMH32rMjRYpaPOQYz+LqUenu7gJM9i4rTXPL/uKVoR3CUg5dgD+uOnTLE2AxE dezASvq3WncW9Lpxnxu8pMp5y/CDrueIHEqoQJy0MG8P01f2clYtIZKvuh+GNQeB CfpYEe4TaXgdCU1Hlrl54S8L2jbRU7hDtvMJrsYcxsJdA7iIMjMSbkMmlGkQX0pL 9aM8vAQ/3epOeDV1eoqKywiD/AifrmsVa7XkuoGBEeiMEF+bM7I0Yoehrj8tnN+p uD8ji85gR0YQZysqRQpK6IpsWz9kB8Lh3m+fl7Xe9Ha2tNMXjhIAi3VcZp5Lmh4a Q5K/nQDEGL9hlfqN5vxTxQ1Wfn65MwzxUAAiPbDBjRP1cij0biE= =LJMq -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
