https://bz.apache.org/bugzilla/show_bug.cgi?id=61394
--- Comment #4 from Mark Thomas <ma...@apache.org> --- Yes, this is JSSE style config only. Yes, I was thinking along the lines you describe. Regarding the custom trust manager, what I think Tomcat needs to do is replicate what JSSE does which is: - iterate through the provided TrustManager instances array and select the first instance of X509TrustManager - call getAcceptedIssuers() on that instance to get the list of acceptable CAs Then Tomcat can pass that array of X509Certificates to OpenSSL. That should then give us equivalent behaviour for the same configuration with either implementation. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org