Yes, it is a known problem that using the AJP/1.3 Connector isn't spec-compliant. The Ajp13 protocol is still stuck at Servlet v2.2, and only exposes one cert.

----- Original Message ----- From: "Jesús Luna" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Friday, October 08, 2004 1:55 AM
Subject: RE: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet



-----Original Message-----
From: jean-frederic clere [mailto:[EMAIL PROTECTED]
Sent: Friday, 08 October 2004 8:28
To: Jesús Luna
Subject: Re: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet


I have not (yet) got it working, but the idea to have more httpd variables available in the servlet sounds like a needed feature.


I agree with you about the need for a new set of variables available to the servlet application (especially in the case of security!), however I've read the "Java Servlet Specification v2.4" and it looks like the client's certificate chain should be exposed as an attribute in a mandatory way. The corresponding text from section SRV.4.7 "SSL Attributes" follows: "If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate. The order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on."

So I still can't figure out why my app can't get them.

_______________________
Jesus Luna Garcia
CertiVeR (EU Funded Project)
[EMAIL PROTECTED]
http://www.certiver.com


--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]




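As an added example (not code from this thread or from Tomcat), a servlet that reads the attribute mandated by SRV.4.7 and sanity-checks the chain's ordering before acting on it; it assumes a Servlet 2.4 container with the javax.servlet API on the classpath, and the class and method names are the author's own.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ClientCertChainServlet extends HttpServlet {
    // Attribute name mandated by the Servlet 2.4 spec, section SRV.4.7.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Returns the chain (leaf first, ascending order of trust), or null if none was exposed.
    static X509Certificate[] clientChain(HttpServletRequest req) {
        Object attr = req.getAttribute(CERT_ATTR);
        return (attr instanceof X509Certificate[]) ? (X509Certificate[]) attr : null;
    }
    // Checks the spec's ordering (each cert issued by the next), every validity period and every
    // signature against the issuer key. Anchoring the last cert to a trust store is left to the front-end.
    static void checkChainOrder(X509Certificate[] chain) throws GeneralSecurityException {
        for (int i = 0; i < chain.length; i++) {
            chain[i].checkValidity();                    // throws if expired or not yet valid
            if (i + 1 < chain.length) {
                X509Certificate issuer = chain[i + 1];
                if (!chain[i].getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                    throw new GeneralSecurityException("chain out of order at index " + i);
                }
                chain[i].verify(issuer.getPublicKey());  // throws on a bad signature
            }
        }
    }
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        X509Certificate[] chain = clientChain(req);
        if (chain == null || chain.length == 0) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "no client certificate presented");
            return;
        }
        // Behind an AJP/1.3 connector only the leaf is forwarded, so length 1 means the
        // issuers never reached the container and the path cannot be re-checked here.
        if (chain.length == 1) {
            log("only the leaf cert was exposed: " + chain[0].getSubjectX500Principal());
        }
        try {
            checkChainOrder(chain);
        } catch (GeneralSecurityException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate chain rejected");
            return;
        }
        resp.getWriter().println("authenticated as " + chain[0].getSubjectX500Principal());
    }
}
```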
