Starting TC 4.0 with CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=$CATALINA_BASE/conf/spitfire-cacerts.jks -Djavax.net.ssl.trustStorePassword=changeit"
and using non-{Verisign,Thawte} cacerts, I am not seeing your problem with the standard SSLServerSocketFactory. Why does your patch fix the problem?

Wolfgang.

>Hey,
>
>here are the changes to get the HTTPS connector doing 'clientAuth' with
>CA certs other than the ones from Verisign and Thawte. I tested it with
>Netscape 4.77 as client and with certificates created by my own CA.
>
>please consider integration into Tomcat 4 source code.
>
>thanks
>
>Stefan
>
>
>--- SSLServerSocketFactory.java.orig Wed Oct 17 13:25:14 2001 >+++ SSLServerSocketFactory.java Wed Oct 17 13:28:05 2001 >@@ -139,7 +139,7 @@ > /** > * The trust manager factory used with JSSE 1.0.1. > */ >- // TrustManagerFactory trustManagerFactory = null; >+ TrustManagerFactory trustManagerFactory = null; > > > // ------------------------------------------------------------- >Properties >@@ -474,13 +474,12 @@ > keyManagerFactory.init(keyStore, keystorePass.toCharArray()); > > // Create the trust manager factory used for checking >certificates >- /* >- trustManagerFactory = >TrustManagerFactory.getInstance(algorithm); >- trustManagerFactory.init(keyStore); >- */ >+ trustManagerFactory = >TrustManagerFactory.getInstance(algorithm); >+ trustManagerFactory.init(keyStore); > > // Initialize the context with the key managers >- context.init(keyManagerFactory.getKeyManagers(), null, >+ context.init(keyManagerFactory.getKeyManagers(), >+ trustManagerFactory.getTrustManagers(), > new java.security.SecureRandom()); > > // Create the proxy and return > >
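
Review bot: In the hunk at -139, the re-enabled `TrustManagerFactory trustManagerFactory = null;` is declared without an access modifier, and its Javadoc still reads only "used with JSSE 1.0.1". The only visible use is in the block at -474, so a local variable there (or a private field) would be tighter, and the comment should state that this factory now supplies the trust managers handed to `context.init(...)`.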
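
Review bot: In the hunk at -474, `trustManagerFactory.init(keyStore)` reuses the same `keyStore` that was just passed to `keyManagerFactory.init(keyStore, keystorePass.toCharArray())`, so the certificate entries in the server's key store become the trust anchors for client certificates. The previous `null` second argument to `context.init(...)` let JSSE select its default trust managers, which is the path a `-Djavax.net.ssl.trustStore` setting like the one in the reply above relies on; with this change that trust store is no longer consulted. Suggest initialising the factory from a separate, configurable trust store and keeping `null` as the fallback when none is configured, so client-CA trust stays apart from the server's private key material and existing setups keep working.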