Is SSL client auth supported in versions of Tomcat prior to 4.x? In looking over the source code, I can see that in TC 4.1.10, Realm.authenticate(X509Certificate[] certs) authenticates a user based on the certiticate chain that is presented. But in looking through the source for TC 3.3.1, I cannot find any calls to java(x).security.cert.X509Certitificate.validate() or verify().
Nonetheless, I can see classes like JSSESuport and PureTLSSupport that obtain the chain of certificates via javax.net.ssl.SSLSession.getPeerCertificateChain(), but for the life of me, I cannot find any classes that are actually using the array of certs that is returned. I have looked at the Realm class and it's subclasses, and I have seen some things in the Http10Interceptor related to setting up the SSL socket, but it doesn't look to me like TC 3.3.1 supports client auth. Did I just miss it? If SSL client auth is supported in TC 3.x, could someone please point me to the class and method responsible for verifying and validating a clients identity using the certificate chain? Thanks in advance, Chris -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
