-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason,
On 2/19/2010 1:48 AM, Jason Brittain wrote: > Nope. clientAuth="false" means that the webapp's web.xml specifies which > resources require the client certificate. Gotcha: I thought that "false" would cause the connector to ignore all client cert info, while "want" would collect it but not process it, while "true" would perform the checks for you. Instead, "false" and "want" are essentially the same (right?) and "true" does the checks for you. If you have "want" or "false", plus a <web-resource-collection> that demands CLIENT-AUTH, then it will be used for identification purposes, but not actually checked against a valid certificate chain. Do I have that right? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt+wY0ACgkQ9CaO5/Lv0PDbcwCeMk2ae1G85O64nNhCU/orDBxK Qg4An3sHZYQ68DAB5KEWTsW65zugvSBK =cbwC -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
