jean-frederic clere wrote:
>
> Stefan Wengi wrote:
> >
> > Hey,
> >
> > here are the changes to get the HTTPS connector doing 'clientAuth' with
> > CA certs other than the ones from Verisign and Thawte. I tested it with
> > Netscape 4.77 as client and with certificates created by my own CA.
> >
> > please consider integration into Tomcat 4 source code.
>
> The question is to know why the code was commented out...
well yes, that's question number 1.
question number 2 then is whether we want to reactivate the code,
support only the property approach suggested by Wolfgang, or add two new
config attributes: 'truststoreFile' and 'truststorePasswd'.
> >
> > thanks
> >
> > Stefan
> >
> > --- SSLServerSocketFactory.java.orig Wed Oct 17 13:25:14 2001
> > +++ SSLServerSocketFactory.java Wed Oct 17 13:28:05 2001
> > @@ -139,7 +139,7 @@
> > /**
> > * The trust manager factory used with JSSE 1.0.1.
> > */
> > - // TrustManagerFactory trustManagerFactory = null;
> > + TrustManagerFactory trustManagerFactory = null;
> >
> >
> > // -------------------------------------------------------------
> > Properties
> > @@ -474,13 +474,12 @@
> > keyManagerFactory.init(keyStore, keystorePass.toCharArray());
> >
> > // Create the trust manager factory used for checking
> > certificates
> > - /*
> > - trustManagerFactory =
> > TrustManagerFactory.getInstance(algorithm);
> > - trustManagerFactory.init(keyStore);
> > - */
> > + trustManagerFactory =
> > TrustManagerFactory.getInstance(algorithm);
> > + trustManagerFactory.init(keyStore);
> >
> > // Initialize the context with the key managers
> > - context.init(keyManagerFactory.getKeyManagers(), null,
> > + context.init(keyManagerFactory.getKeyManagers(),
> > + trustManagerFactory.getTrustManagers(),
> > new java.security.SecureRandom());
> >
> > // Create the proxy and return
S/MIME Cryptographic Signature
