On Tue, 18 Sep 2001, Ignacio J. Ortega wrote:

> > I have found it in the 2.2 Spec (5.7 SSL Attributes).
> > Now I have started to fix Ajp13 in jakarta-tomcat so that it
> > follows the spec.
> > For the moment I will only return the first certificate.
> > Returning the complete chain is quite a lot of data and it is
> > probably useless for applications.
> > 
> 
> +1, and a comment in Readme.txt, as it is a spec compliance issue
> 
> Until we find a way to cache Client Certificate Chain..

Or we add 2 more messages in ajp13/14 - to get the chain when the user
requests it.

In fact, even the client certificate should be retrieved only on demand,
I assume most pages will not deal with certificates ( except maybe
some initial page ), and sending even the first cert over the wire would
be wasted.

Long ago we did some tests and looked into a number of servlets - it's 
likely 1/2 of what we send by default can be eliminated ( including 
most of the headers ), very few servlets will do getHeaders(). The 
impact on performance was visible ( with a small penalty for the 
requests using getHeaders == one extra roundtrip ).  

I assume that's something for ajp14/warp ( including customization
of what's sent and what's not).

Costin
