On 12/07/2019 08:22, Martynas Jusevičius wrote:
> In my experience with 8.x -- on all requests.

The above is correct for JSSE based TLS connections. It also applies to most OpenSSL based connections.

There is one edge case that can cause problems. If:
- OpenSSL based TLS connections are used;
- TLS session tickets are enabled; and
- the session has been resumed via a ticket;

then the client certificate will be available but the full client certificate chain will not. The full chain will only be available in the initial connection.

Mark

>
> On Fri, Jul 12, 2019 at 3:06 AM Wilmoth, Jon
> <jon.d.wilm...@nordstrom.com> wrote:
>>
>> I was hoping to get some clarification on when to expect client x509 certs
>> in http requests where the Tomcat server (v9.x) has been configured to
>> “want” or “need” client auth.
>> https://javaee.github.io/servlet-spec/downloads/servlet-4.0/servlet-4_0_FINAL.pdf
>> says:
>>
>> “If there is an SSL certificate associated with the request, it must be
>> exposed by the servlet container to the servlet programmer as an array of
>> objects of type java.security.cert.X509Certificate and accessible via a
>> ServletRequest attribute of javax.servlet.request.X509Certificate.”
>>
>> Is this only for the request that initiated the TLS handshake? Or does this
>> mean it will be present on all requests (i.e. requests on a keep-alive
>> connection after the initial handshake) while the TLS connection is still
>> open?
>>
>> Thanks,
>> Jon
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
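
An added example, not part of the original thread and not Tomcat's own code: a Servlet 4.0 filter that reads the certificate attribute on every request and takes the client identity from the leaf certificate only, so it keeps working when a ticket-resumed OpenSSL session exposes no issuer certificates. The class name `ClientCertFilter` and the `example.*` request attribute names are assumptions.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: identity comes from chain[0]; issuer certs are optional. */
public class ClientCertFilter implements Filter {
    // Attribute name defined by the Servlet specification quoted in the thread.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Leaf (client) certificate, or null when the request carried none. */
    static X509Certificate leaf(X509Certificate[] chain) {
        return (chain == null || chain.length == 0) ? null : chain[0];
    }

    /** True when only the leaf is exposed, as on a ticket-resumed OpenSSL session. */
    static boolean leafOnly(X509Certificate[] chain) {
        return chain != null && chain.length == 1;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain next)
            throws IOException, ServletException {
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        X509Certificate client = leaf(chain);
        if (client == null) {
            // With clientAuth "want" the handshake succeeds without a certificate,
            // so the application has to reject the request itself.
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }
        // Authorize on leaf fields only; never index chain[1] unconditionally.
        req.setAttribute("example.clientSubject",
                client.getSubjectX500Principal().getName());
        req.setAttribute("example.clientIssuer",
                client.getIssuerX500Principal().getName());
        // Let downstream code know intermediates may be missing on this request.
        req.setAttribute("example.leafOnly", leafOnly(chain));
        next.doFilter(req, res);
    }
}
```

Code that needs the intermediate CA, for example to pin an issuing certificate, should treat `example.leafOnly` as "not verifiable on this request" rather than as a failure of the client.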