-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marc,

On 5/24/2011 5:20 PM, Christopher Schultz wrote:
> On 5/24/2011 4:59 PM, Christopher Schultz wrote:
>> Instead, they are stored in the request /attributes/.
> 
> Specifically, these:
> 
> javax.servlet.request.cipher_suite - as a String
> javax.servlet.request.key_size     - as an Integer
> javax.servlet.request.ssl_session  - as a String

The above are specified as part of the Servlet 3.0 Specification under
section 3.8. Not shown above (because I wasn't using a client
certificate for testing) is "javax.servlet.request.X509Certificate"
which is of type java.security.cert.X509Certificate[] (note the array type).

> I would have expected JkExtractSSL On (which is the default) to
> pre-populate a series of SSL-oriented attributes similar to the list
> found at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars but
> that doesn't appear to be the case

Looking at the mod_jk code, it appears that the only variables that are
included by using JkExtractSSL are those shown above. If you want more,
you'll have to use JkEnvVar.

I can confirm that "JkEnvVar SSL_PROTOCOL" will result in
request.getAttribute("SSL_PROTOCOL") returning "TLSv1" or whatever
secure protocol is in use for the current request.

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk3cJSkACgkQ9CaO5/Lv0PDBaACgjr4EKI49IyBMyObzwUHHFStm
VGEAnj2Yxu99GrYC+qvbIPfoSGcjXc+o
=FrAY
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to