DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19867>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19867 Declarative SSL Client Authentication don't work [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From [EMAIL PROTECTED] 2003-08-12 11:52 ------- CLIENT-CERT only works over SSL. You need to add the following after </auth- constraint> and before </security-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> I believe the servlet spec could be clearer about this. Currently it is perfectly valid to specify CLIENT-CERT without specifying a transport- guarantee. I have followed this up with the servlet spec team. If the spec changes, this will be incorporated into Tomcat. Currently, Tomcat's behaviour is valid. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
