RE: SSL Attributes

Mon, 17 Sep 2001 11:49:33 -0700 

Jean-Frederic did it in J-T-C, and it's the correct solution avoiding
JSSE dependencies, i think we need to add some more compat code to TC33
but thats all, hope he will port the patch to TC3.3, i recall he offered
to do so, please do it ASAP ..

Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: Christopher Cain [mailto:[EMAIL PROTECTED]]
> Enviado el: lunes 17 de septiembre de 2001 20:42
> Para: [EMAIL PROTECTED]
> Asunto: Re: SSL Attributes
> 
> 
> 
> [EMAIL PROTECTED] wrote:
> > On Mon, 17 Sep 2001, jean-frederic clere wrote:
> > 
> > 
> >>Hi,
> >>
> >>I have patched mod_jk for TC4.0 so that the SSL Attributes 
> follow the spec's
> >>(SRV.4.7).
> >>I have not found anything in the 2.2 spec's about it.
> >>
> >>I have noted that the "javax.servlet.cert.X509Certificate" 
> of TC3.3 is a String
> >>not an array of java.servlet.request.X509Certificate.
> >>
> >>What should we do?:
> >>1 - Update TC3.3 code so that is compatible with 2.3 spec's.
> >>2 - Document in tomcat-ssl-howto.html that in TC3.3
> >>"javax.servlet.cert.X509Certificate" is a String and add an 
> example how to use
> >>it.
> >>
> > 
> > 1 - if possible. The spec is clear even for 2.2 ( the type is a
> > X509Certificate[] ), and having different from 4.0 would 
> mean trubles for
> > anyone who uses it.
> > 
> > AFAIK 3.2 returned a string (or nothing ?), but this is 
> clearly a bug.
> > 
> > Costin
> 
> This is indeed a bug, and it's listed somewhere in bugzilla. Nacho 
> offered to do the actual fix patch, since it affects a few 
> areas where 
> he has specific expertise, and I was to get him the cert 
> chain code for 
> doing the conversion of String -> X509Certificate[]. 
> Unfortunately, my 
> home network has been goofed up over the past few weeks, which I need 
> running in order to test a rudimentary patch for client auth, so I am 
> terribly late on my end of it (mea culpa :)
> 
> I agree that #1 is the necessary solution. 3.2.3 and 3.3 are both 
> affected, but in different ways (as noted in the bugzilla entry by a 
> very thorough reporter, which we love =)
> 
> JF, if you want to have a go at it, by all means do so. If not, my 
> network is now fixed, so I could get Nacho what he needs by tomorrow. 
> It's up to you, boss ;-)
> 
> - Christopher
> 
> /**
>   * Pleurez, pleurez, mes yeux, et fondez vous en eau!
>   * La moitié de ma vie a mis l'autre au tombeau.
>   *    ---Corneille
>   */
> 
>

Reply via email to