Stefan Wengi wrote:
>
> Hey,
>
> here are the changes to get the HTTPS connector doing 'clientAuth' with
> CA certs other than the ones from Verisign and Thawte. I tested it with
> Netscape 4.77 as client and with certificates created by my own CA.
>
> please consider integration into Tomcat 4 source code.

The question is to know why the code was commented out... > > thanks > > Stefan > > --- SSLServerSocketFactory.java.orig Wed Oct 17 13:25:14 2001 > +++ SSLServerSocketFactory.java Wed Oct 17 13:28:05 2001 > @@ -139,7 +139,7 @@ > /** > * The trust manager factory used with JSSE 1.0.1. > */ > - // TrustManagerFactory trustManagerFactory = null; > + TrustManagerFactory trustManagerFactory = null; > > > // ------------------------------------------------------------- > Properties > @@ -474,13 +474,12 @@ > keyManagerFactory.init(keyStore, keystorePass.toCharArray()); > > // Create the trust manager factory used for checking > certificates > - /* > - trustManagerFactory = > TrustManagerFactory.getInstance(algorithm); > - trustManagerFactory.init(keyStore); > - */ > + trustManagerFactory = > TrustManagerFactory.getInstance(algorithm); > + trustManagerFactory.init(keyStore); > > // Initialize the context with the key managers > - context.init(keyManagerFactory.getKeyManagers(), null, > + context.init(keyManagerFactory.getKeyManagers(), > + trustManagerFactory.getTrustManagers(), > new java.security.SecureRandom()); > > // Create the proxy and return
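
Review bot: In the first hunk (@@ -139,7), the re-enabled `TrustManagerFactory trustManagerFactory = null;` field has no access modifier, so it is package-visible. As far as this patch shows, it is only assigned and read in the initialization code touched by the second hunk, so declare it `private` or make it a local variable there. The Javadoc above it still says only "used with JSSE 1.0.1"; a line stating that it now supplies the trust managers used to check client certificates would help.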
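
Review bot: In the second hunk (@@ -474,13), `trustManagerFactory.init(keyStore)` is given the same `keyStore` object that `keyManagerFactory.init(keyStore, keystorePass.toCharArray())` uses, so the store that holds the server's private key also becomes the set of trust anchors for client certificates. Every certificate entry in that file is then trusted for 'clientAuth'. Because `context.init(...)` no longer receives `null` for the trust managers, the JSSE default trust managers are no longer used, so existing deployments that relied on them will reject client certificates unless those CAs are imported into the keystore as well. Consider loading the trust anchors from a separate, separately configured trust store, keeping the old `null` argument when none is set, and documenting the behaviour change.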