Leonard Sitongia (sit...@ucar.edu)

On Jan 6, 2005, at 12:07 PM, Wade Chandler wrote:

> I don't know the answer...figured I would try to give you help in
> thinking about the issue.
>

Thanks!  That was just the kind of thinking I was hoping to hear.  If 
not an answer, then it sure helps to get ideas of other ways of
experimenting.

==Leonard


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected: tomcat-user-unsubs...@jakarta.apache.org]
For additional commands, e-mail: [email protected: tomcat-user...@jakarta.apache.org]

Resolved this by increasing the bufferSize and maxHttpHeaderSize in the
Tomcat configuration file.

Have no idea why there's no diagnostic information about this from
Tomcat, but it simply appears to be a matter of the cookie size making
the header too large, which only happened to come up when using SSL,
and Tomcat simply didn't respond?


==Leonard E. Sitongia
     Web Engineering Group
     National Center for Atmospheric Research
     P.O. Box 3000 Boulder CO 80307  USA
[email protected: sit...@ucar.edu] voice: (303)497-2454 fax: (303)497-1804


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected: tomcat-user-unsubs...@jakarta.apache.org]
For additional commands, e-mail: [email protected: tomcat-user...@jakarta.apache.org]

More information:

Looks like this is not related the the secure nature (digitally signed)
of the cookie, but the size.  A cookie over about 3k will trigger this 
problem.

Also, it looks like Tomcat doesn't receive the request, so the problem
may be in SSL.  It is hard to tell, since it seems like it could be 
that Tomcat isn't logging in the part of the code that this is hitting.

Is this a problem in Java SSL?

Thanks for any help you can offer!

==Leonard

On Jan 5, 2005, at 10:58 AM, Leonard Sitongia wrote:

> I have configured Tomcat 5.0.27 on the localhost to accept https
> connections (I have configured an unsigned cert under the alias
> "tomcat" to allow this).
>
> I can then get to the root Tomcat page at https://localhost:8443/.
>
> If my browser happens to have a signed cookie in it (this cookie is a
> signed S/MIME message that contains the signing certificate and so is
> 3765 bytes long - it is used by some homegrown Apache httpd apps that
> are unrelated to Tomcat), then Tomcat no longer responds on 8443. I
> can still get to the Tomcat root page with http://localhost:8080/, but
> when I try https://localhost:8443/ then Netscape 7 says "document
> contains no data" and Safari says “bad server response”
> (NSURLErrorDomain:-1011).
>
> Nothing is logged by Tomcat about this. There are no error messages
> at any time from Tomcat.
>
> My browser and server are on Mac OS X.
>
> I tried puting the signing cert that is used to sign the S/MIME
> message into the keystore for Tomcat. That didn't help. I don't know
> how to put the signing key into the keystore... maybe that's
> inadvisable anyway?
>
> Is this simply a matter of the size of the cookie, or will Tomcat try
> to do something with the cookie even though it is not intended to be
> used by any apps in Tomcat? What should I investigate and try to
> resolve this?
>
> Thanks for your help!
>
> ==Leonard E. Sitongia
>     Web Engineering Group
>     National Center for Atmospheric Research
>     P.O. Box 3000 Boulder CO 80307  USA
> [email protected: sit...@ucar.edu] voice: (303)497-2454 fax: (303)497-1804
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected: tomcat-user-unsubs...@jakarta.apache.org]
> For additional commands, e-mail: [email protected: tomcat-user...@jakarta.apache.org]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected: tomcat-user-unsubs...@jakarta.apache.org]
For additional commands, e-mail: [email protected: tomcat-user...@jakarta.apache.org]

I have configured Tomcat 5.0.27 on the localhost to accept https
connections (I  have configured an unsigned cert under the alias 
"tomcat" to allow this).

I can then get to the root Tomcat page at https://localhost:8443/.

If my browser happens to have a signed cookie in it (this cookie is a
signed S/MIME message that contains the signing certificate and so is
3765 bytes long - it is used by some homegrown Apache httpd apps that
are unrelated to Tomcat), then Tomcat no longer responds on 8443.  I 
can still get to the Tomcat root page with http://localhost:8080/, but
when I try https://localhost:8443/ then Netscape 7 says "document
contains no data" and Safari says “bad server response”
(NSURLErrorDomain:-1011).

Nothing is logged by Tomcat about this.  There are no error messages at 
any time from Tomcat.

My browser and server are on Mac OS X.

I tried puting the signing cert that is used to sign the S/MIME message
into the keystore for Tomcat.  That didn't help.  I don't know how to 
put the signing key into the keystore... maybe that's inadvisable
anyway?

Is this simply a matter of the size of the cookie, or will Tomcat try
to do something with the cookie even though it is not intended to be
used by any apps in Tomcat?  What should I investigate and try to 
resolve this?

Thanks for your help!

==Leonard E. Sitongia
     Web Engineering Group
     National Center for Atmospheric Research
     P.O. Box 3000 Boulder CO 80307  USA
[email protected: sit...@ucar.edu] voice: (303)497-2454 fax: (303)497-1804


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected: tomcat-user-unsubs...@jakarta.apache.org]
For additional commands, e-mail: [email protected: tomcat-user...@jakarta.apache.org]

Hi,

The server.xml in Tomcat 5 has <Cluster> inside of <Host>.

Right now, I'm running one host in the Tomcat configuration on each of
two computers.  server.xml in tomcat running on a computer named c1 has 
a <Host> named c1, and computer c2 has a host named c2.

I'm planning to create several virtual hosts that will be clustered
across two computers.  The virtual hosts, of course, have the same IP 
address.

Can I simply duplicate the <Cluster> definition in each of the <Host>
sections in the multiple virtual hosts that I define in each computer?  
In other words:

Computer 1:

<Host name="vhost1" ... >
<Cluster ... >
</Cluster>
<Host>

<Host name="vhost2" ... >
<Cluster ... >
</Cluster>
<Host>

Computer 2:

<Host name="vhost1" ... >
<Cluster ... >
</Cluster>
<Host>

<Host name="vhost2" ... >
<Cluster ... >
</Cluster>
<Host>

Where all the information in the <Cluster/> element is the same for
each virtual host on each computer.

Seems like I end up with four virtual hosts that are all talking on the
same TCP and multicast connections.

Do I need to define a different tcpListenAddress / tcpListenPort for
each virtual host?

Thanks for your help!

==Leonard E. Sitongia
   VETS / Scientific Computing Division
   National Center for Atmospheric Research
   P.O. Box 3000 Boulder CO 80307  USA
[email protected: sit...@ucar.edu] voice: (303)497-2454 fax: (303)497-1829


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected: tomcat-user-unsubs...@jakarta.apache.org]
For additional commands, e-mail: [email protected: tomcat-user...@jakarta.apache.org]