On Mon, 17 Sep 2001, GOMEZ Henri wrote:
> Date: Mon, 17 Sep 2001 23:17:15 +0200
> From: GOMEZ Henri <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: RE: SSL Attributes
>
>
> >> >> Cheers
> >> >>
> >> >> Jean-frederic
> >> >>
> >> >> Note:
> >> >> javax.servlet.cert.X509Certificate is in JSSE.
> >> >> java.servlet.cert.X509Certificate is in JDK (even in 1.2.2).
> >> >>
> >> >
> >> >Not only that, the JSSE version doesn't even inherit from the
> >> >JDK version
> >> >:-(. When using JSSE (i.e. in Tomcat stand-alone) you have to
> >> >convert the
> >> >certificates manually.
> >>
> >> I've got question not really well covered in spec.
> >> When you got the X509Certificate, you got the certificate
> >> presented by Browser ? So only one certificate isnt'it ?
> >>
> >> That's currently what mod_ssl present :)
> >>
> >
> >JSSE presents the entire client certificate chain, with the
> >first one in
> >the chain being the cerftificate of the client itself, followed by the
> >certificate of the CA that vouches for the client cert, and so on.
>
> But what did we need to have present in SPEC ?
> client cert and ca cert or only client cert ?
>
2.2 just says "an array".
2.3 says "The order of this array is defined as being in ascending
order of trust. The first certificate in the chain is the one set by the
client, the next is the one used to authenticate the first, and so on."
Craig
