I refer to tomcat 5.5.17. Assuming SSL client side authentication is used, I am trying to access the underlying client's X509 certificate of the SSL socket in a webapp. However, it appears such information can only be extracted from the SSL session, which is not made available to the servlet.
I can see that this can be hacked around by modifying Http12Processor.java, such that the (SSL) socket is placed into a thread local for use by the webapp. But there must be a better/easier way than this, or some configuration magic I am missing ? Hanson
