Tomcat9: multipart upload fails over https
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tomcat9 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Tom Moyer |
Bug Description
[ Impact ]
* Tomcat version 9.0.31 has a bug that prevents multipart uploads over
encrypted connections. This happens with the NIO SSL Connector, which
is the one that gets auto-selected in a default configuration
* This patch reverts a change that was made between 9.0.30 and 9.0.31 that
causes the multipart upload to fail when using a TLS connection.
[ Test Plan ]
* Deploy focal
* Deploy tomcat9 and use the default configuration
* Enable HTTPS for tomcat9. A self-signed certificate is sufficient
* Create a keystore:
keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat9/
* Enable the HTTPS listener in the tomcat9 configuration file
/etc/
* Add the following XML snippet at the bottom of the the XML block
'<Service name="Catalina">'. Ensure that you specify the same password
as when you created the keystore above
<Connector port="8443" protocol=
* Deploy the attached WAR (JerseyDemos.war) file which is a simple test
application that exhibits the regression. This is done by placing the WAR
file in the following directory: /var/lib/
* In a browser on a separate machine, navigate to the application:
https://<focal instance>
* Attempt to upload the attached file: qg8dbNp.png
[ Where problems could occur ]
* This patch only addresses the server reading from the encrypted connection.
There is the potential that the server writing to this same connection may
trigger a similar issue if the client tries a multipart download.
However, that use case is less common and the code for that is a seperate
codepath entirely.
[ Other Info ]
* This change only applies to focal as releases after focal have a newer
version of tomcat9 that includes this patch already.
* Patch source:
https:/
* Contained in upstream tag: 9.0.32
[ Original Bug Description ]
Tomcat version 9.0.31 has a bug that prevents multipart uploads over encrypted connections.
This happens with the NIO SSL Connector, which is the one that gets auto-selected on my system.
FAIL - Deploy Upload Failed, Exception: [org.apache.
https:/
https:/
The bug is not present in the next Tomcat upstream release, but it seems the correction has not been ported back to Ubuntu 20.04.1 LTS in the tomcat9 package, version 9.0.31-1ubuntu0.1.
On a side note, the bug seems to be present also on the current tomcat9 package, version 9.0.31-1~deb10u2 for Debian 10.
tags: | added: se-sponsor-mfo |
Changed in tomcat9 (Ubuntu): | |
status: | Incomplete → Invalid |
Changed in tomcat9 (Ubuntu Focal): | |
status: | New → In Progress |
assignee: | nobody → Tom Moyer (tom-tom) |
importance: | Undecided → Medium |
tags: |
added: verification-done verification-done-focal removed: verification-needed verification-needed-focal |
Status changed to 'Confirmed' because the bug affects multiple users.