Hello guys,
I verify clients by Certificate in my Application.
X509Certificate[] certs =
(X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
this works fine with connector like:
<Connector port="8443" maxHttpHeaderSize="8192"
keystoreFile="conf/keystore.jks" keystorePass="pw"
truststoreFile="conf/truststore.jks" truststorePass="pw"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="want" sslProtocol="TLS" />
but i want to use Apache Portable Runtime with Tomcat (libtcnative).
because APR comes with OpenSSL specific Connector attributes i have to
change connector to:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEngine="on"
SSLCertificateFile="${catalina.base}/conf/ssl.server/server.crt"
SSLCertificateKeyFile="${catalina.base}/conf/ssl.server/server.key"
SSLVerifyClient="optional"
SSLCACertificatePath="${catalina.base}/conf/ssl.client"
SSLOptions="+StdEnvVars +ExportCertData"
/>
ClientAuth works fine with Tomcat but Certificate got not forwarded to
ActionContext:
so X509Certificate[] certs =
(X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
returns null.
i use:
Apache Tomcat 5.5.17
OpenSSL 0.9.7e
Tomcat Native 1.1.3
greets
Florian
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
