[EMAIL PROTECTED] wrote:
> On Mon, 17 Sep 2001, jean-frederic clere wrote:
>
>
>>Hi,
>>
>>I have patched mod_jk for TC4.0 so that the SSL Attributes follow the spec's
>>(SRV.4.7).
>>I have not found anything in the 2.2 spec's about it.
>>
>>I have noted that the "javax.servlet.cert.X509Certificate" of TC3.3 is a String
>>not an array of java.servlet.request.X509Certificate.
>>
>>What should we do?:
>>1 - Update TC3.3 code so that is compatible with 2.3 spec's.
>>2 - Document in tomcat-ssl-howto.html that in TC3.3
>>"javax.servlet.cert.X509Certificate" is a String and add an example how to use
>>it.
>>
>
> 1 - if possible. The spec is clear even for 2.2 ( the type is a
> X509Certificate[] ), and having different from 4.0 would mean trubles for
> anyone who uses it.
>
> AFAIK 3.2 returned a string (or nothing ?), but this is clearly a bug.
>
> Costin
This is indeed a bug, and it's listed somewhere in bugzilla. Nacho
offered to do the actual fix patch, since it affects a few areas where
he has specific expertise, and I was to get him the cert chain code for
doing the conversion of String -> X509Certificate[]. Unfortunately, my
home network has been goofed up over the past few weeks, which I need
running in order to test a rudimentary patch for client auth, so I am
terribly late on my end of it (mea culpa :)
I agree that #1 is the necessary solution. 3.2.3 and 3.3 are both
affected, but in different ways (as noted in the bugzilla entry by a
very thorough reporter, which we love =)
JF, if you want to have a go at it, by all means do so. If not, my
network is now fixed, so I could get Nacho what he needs by tomorrow.
It's up to you, boss ;-)
- Christopher
/**
* Pleurez, pleurez, mes yeux, et fondez vous en eau!
* La moitié de ma vie a mis l'autre au tombeau.
* ---Corneille
*/
