Re: forward SSL-Certificate to ActionContext with Tomcat Native

Thu, 27 Jul 2006 13:50:11 -0700 

Hello,

the answer is very simple:
this is a bug in APR components (the https connector)
http://issues.apache.org/bugzilla/show_bug.cgi?id=37869

thats the reason why i don't able to use apr :(

greets
Florian

Florian Rock schrieb:
> Hello guys,
>
> I verify clients by Certificate in my Application.
> X509Certificate[] certs =
> (X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
>
> this works fine with connector like:
> <Connector port="8443" maxHttpHeaderSize="8192"
>                keystoreFile="conf/keystore.jks" keystorePass="pw"
>                truststoreFile="conf/truststore.jks" truststorePass="pw"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                clientAuth="want" sslProtocol="TLS" />
>
> but i want to use Apache Portable Runtime with Tomcat (libtcnative).
> because APR comes with OpenSSL specific Connector attributes i have to
> change connector to:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                SSLEngine="on"
>               
> SSLCertificateFile="${catalina.base}/conf/ssl.server/server.crt"              
>  
>
>               
> SSLCertificateKeyFile="${catalina.base}/conf/ssl.server/server.key"
>                SSLVerifyClient="optional"
>                SSLCACertificatePath="${catalina.base}/conf/ssl.client"
>                SSLOptions="+StdEnvVars +ExportCertData"
>     />
>
> ClientAuth works fine with Tomcat but Certificate got not forwarded to
> ActionContext:
> so X509Certificate[] certs =
> (X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
> returns null.
>
> i use:
> Apache Tomcat 5.5.17
> OpenSSL 0.9.7e
> Tomcat Native 1.1.3
>
> greets
> Florian
>
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to