Liam Escario wrote:
>
> Hey Jim,
>
> Thanks for the clarification there. That's how I thought it should
> behave.... =)
>
> Now if only I could get to figure out how to read my client certificate in
> Java. I'm always getting null... I've tried using both,
>
> String cipherSuite = (String)
> request.getAttribute("javax.net.ssl.cipher_suite");
>
> and
>
> X509Certificate[] certs = (X509Certificate[])
> request.getAttribute("javax.servlet.request.X509Certificate");
>
> But they both return null. If anybody knows how, please holler. Thanks!
>
> Liam
>

Liam,

I may have just spent almost 2 WEEKS struggling with the problem that you're struggling with, I think.

Are you using Apache+mod_ssl+mod_jk/jk2+Tomcat, i.e., are you using Apache+ to front end your Tomcat?

If that's the case, then I believe (I never tried it because I went another route) that you need to make sure the Apache, mod_ssl, mod_jk/jk2 are all built with the "--EAPI" directive. I think this enables passing the SSL-related info to Tomcat.

Like I said, after struggling with the problem you're having, what I ended up doing was just running Standalone Tomcat with SSL (client and server), and it's been working fine. The only downside is that it appears that Tomcat SSL (JSSE) doesn't implement support for CRL checking, so you'll have to deal with that some other way.

I think that someone pointed to a possible source for binaries with the "--EAPI" but I never got to that because I switched to standalone Tomcat. For my situation, where we are having very low volume, a much easier configuration to deploy and manage...

No flames PLEASE.

Jim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
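
One way to cover the CRL gap mentioned in the reply from inside the web application, as an added example (not code from either poster or from Tomcat). It assumes a full CRL issued directly by the CA that signed the client certificate; the class name, method names and file paths are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added example (hypothetical class): CRL check done by the application itself.
public final class ClientCertCrlCheck {

    // attr is the value of request.getAttribute("javax.servlet.request.X509Certificate").
    // Returns the client (leaf) certificate, or null if none reached the servlet.
    static X509Certificate clientCert(Object attr) {
        if (attr instanceof X509Certificate[] && ((X509Certificate[]) attr).length > 0) {
            return ((X509Certificate[]) attr)[0];
        }
        return null;
    }

    // True only if the CRL is signed by the issuing CA, is within its validity
    // window, names the same issuer as the certificate, and does not list it.
    static boolean notRevoked(X509Certificate cert, X509Certificate ca, X509CRL crl) {
        try {
            crl.verify(ca.getPublicKey());
        } catch (GeneralSecurityException e) {
            return false; // unverifiable CRL: fail closed
        }
        Date now = new Date();
        boolean current = !now.before(crl.getThisUpdate())
                && crl.getNextUpdate() != null && now.before(crl.getNextUpdate());
        return current
                && crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())
                && !crl.isRevoked(cert);
    }

    // Offline check: java ClientCertCrlCheck client.pem ca.pem ca.crl (paths are assumptions)
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream c = Files.newInputStream(Paths.get(args[0]));
             InputStream a = Files.newInputStream(Paths.get(args[1]));
             InputStream r = Files.newInputStream(Paths.get(args[2]))) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(c);
            X509Certificate ca = (X509Certificate) cf.generateCertificate(a);
            X509CRL crl = (X509CRL) cf.generateCRL(r);
            System.out.println(notRevoked(cert, ca, crl) ? "not revoked" : "rejected");
        }
    }
}
```

In a servlet, pass the request attribute to `clientCert` and refuse the request when it returns null or when `notRevoked` returns false.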