In my experience with 8.x -- on all requests.

On Fri, Jul 12, 2019 at 3:06 AM Wilmoth, Jon
<jon.d.wilm...@nordstrom.com> wrote:
>
> I was hoping to get some clarification on when to expect client x509 certs in 
> http requests where the Tomcat server (v9.x) has been configured to “want” or 
> “need” client auth.  
> https://javaee.github.io/servlet-spec/downloads/servlet-4.0/servlet-4_0_FINAL.pdf
>  says:
>
> “If there is an SSL certificate associated with the request, it must be 
> exposed by the servlet container to the servlet programmer as an array of 
> objects of type java.security.cert.X509Certificate and accessible via a 
> ServletRequest attribute of javax.servlet.request.X509Certificate.”
>
> Is this only for the request that initiated the TLS handshake?  Or does this 
> mean it will be present on all requests (i.e. requests on a keep-alive 
> connection after the initial handshake) while the TLS connection is still 
> open?
>
> Thanks,
> Jon
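
For an application that depends on the attribute discussed in this thread, a servlet filter can look the certificate up on each request and fail closed when it is absent, which matters with "want" because the handshake succeeds even if the client sends no certificate. This is an added example, not code from the thread or from Tomcat; the class name `ClientCertFilter` and the `clientSubject` attribute are hypothetical, and it assumes the `javax.servlet` 4.0 API used by Tomcat 9.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (name is an assumption); map it to the protected URL patterns.
public class ClientCertFilter implements Filter {

    // Attribute name as quoted from the Servlet 4.0 specification.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse httpRes = (HttpServletResponse) res;

        // Read the chain from the current request every time; nothing is
        // cached per connection or per session by this filter.
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);

        // With "want" the client may complete the handshake without a
        // certificate, so a missing attribute must be rejected here.
        if (certs == null || certs.length == 0) {
            httpRes.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }

        // The first element is the client's own certificate.
        X509Certificate leaf = certs[0];
        try {
            // Re-check the validity window at request time; a long-lived
            // connection can outlast the certificate.
            leaf.checkValidity();
        } catch (CertificateException e) {
            httpRes.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate not valid");
            return;
        }

        // Hypothetical attribute name for downstream authorization code.
        req.setAttribute("clientSubject", leaf.getSubjectX500Principal().getName());
        chain.doFilter(req, res);
    }
}
```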
