Ahh ... okay. Well if the connectors are taken care of, I can port the
fix to the tree (using JSSE) tonight to fix client auth, or let JF do it
if he prefers. If I don't get word by then (he might already be
offline in his corner of the world :), I'll just do the fix.
Marc, should I port it to 3.2.3 as well?
Ignacio J. Ortega wrote:
> Jean-Frederic did it in J-T-C, and it's the correct solution avoiding
> JSSE dependencies, i think we need to add some more compat code to TC33
> but thats all, hope he will port the patch to TC3.3, i recall he offered
> to do so, please do it ASAP ..
>
> Saludos ,
> Ignacio J. Ortega
>
>
>
>>-----Mensaje original-----
>>De: Christopher Cain [mailto:[EMAIL PROTECTED]]
>>Enviado el: lunes 17 de septiembre de 2001 20:42
>>Para: [EMAIL PROTECTED]
>>Asunto: Re: SSL Attributes
>>
>>
>>
>>[EMAIL PROTECTED] wrote:
>>
>>>On Mon, 17 Sep 2001, jean-frederic clere wrote:
>>>
>>>
>>>
>>>>Hi,
>>>>
>>>>I have patched mod_jk for TC4.0 so that the SSL Attributes
>>>>
>>follow the spec's
>>
>>>>(SRV.4.7).
>>>>I have not found anything in the 2.2 spec's about it.
>>>>
>>>>I have noted that the "javax.servlet.cert.X509Certificate"
>>>>
>>of TC3.3 is a String
>>
>>>>not an array of java.servlet.request.X509Certificate.
>>>>
>>>>What should we do?:
>>>>1 - Update TC3.3 code so that is compatible with 2.3 spec's.
>>>>2 - Document in tomcat-ssl-howto.html that in TC3.3
>>>>"javax.servlet.cert.X509Certificate" is a String and add an
>>>>
>>example how to use
>>
>>>>it.
>>>>
>>>>
>>>1 - if possible. The spec is clear even for 2.2 ( the type is a
>>>X509Certificate[] ), and having different from 4.0 would
>>>
>>mean trubles for
>>
>>>anyone who uses it.
>>>
>>>AFAIK 3.2 returned a string (or nothing ?), but this is
>>>
>>clearly a bug.
>>
>>>Costin
>>>
>>This is indeed a bug, and it's listed somewhere in bugzilla. Nacho
>>offered to do the actual fix patch, since it affects a few
>>areas where
>>he has specific expertise, and I was to get him the cert
>>chain code for
>>doing the conversion of String -> X509Certificate[].
>>Unfortunately, my
>>home network has been goofed up over the past few weeks, which I need
>>running in order to test a rudimentary patch for client auth, so I am
>>terribly late on my end of it (mea culpa :)
>>
>>I agree that #1 is the necessary solution. 3.2.3 and 3.3 are both
>>affected, but in different ways (as noted in the bugzilla entry by a
>>very thorough reporter, which we love =)
>>
>>JF, if you want to have a go at it, by all means do so. If not, my
>>network is now fixed, so I could get Nacho what he needs by tomorrow.
>>It's up to you, boss ;-)
>>
>>- Christopher
>>
>>/**
>> * Pleurez, pleurez, mes yeux, et fondez vous en eau!
>> * La moitié de ma vie a mis l'autre au tombeau.
>> * ---Corneille
>> */
>>
>>
>>
- Christopher
/**
* Pleurez, pleurez, mes yeux, et fondez vous en eau!
* La moitié de ma vie a mis l'autre au tombeau.
* ---Corneille
*/
