http://issues.apache.org/bugzilla/show_bug.cgi?id=34643

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|[EMAIL PROTECTED]           |

------- Additional Comments From [EMAIL PROTECTED]  2005-04-27 21:37 -------
(In reply to comment #0)
> Interim results of my own little research:
> - if I request org.apache.catalina.Globals.SSL_CERTIFICATE_ATTR,
> org.apache.coyote.tomcat4.CoyoteRequest.getAttribute triggers the
> org.apache.coyote.ActionCode.ACTION_REQ_SSL_CERTIFICATE re-handshake

This works in 4.1 & 5.0, but has been removed from 5.5. You would need your own custom Valve to do this in 5.5.

> Open issues I haven't mastered so far:
> 1) If the application allows for self-signed certificates the user uploads into
> the DB i.e. her profile, is there a way to use a non-global trustStore to
> validate? Otherwise, with an increasing user-basis, I foresee scalability
> problems if I had to import all such certificates into a global trust store?

You probably want an LDAP-based trustStore (e.g. java.security.cert.LDAPCertStoreParameters). Not hard to implement (at least for JDK 1.5), but so far there hasn't been much demand for it.

> 2) javax.net.ssl.SSLServerSocket.setNeedClientAuth in
> org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.configureClientAuth might be
> the basis for an alternative approach, but I wouldn't know how to set that (or
> probably rather
> org.apache.tomcat.util.net.ServerSocketFactory.setAttribute("clientAuth", true)
> before the org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket has
> already occurred?

This is where the clientAuth attribute on the <Connector> eventually ends up :).
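The non-global trustStore question in the comment above can also be answered inside the application with standard JSSE classes. The following is an added example, not code from Tomcat or from either commenter: it builds an in-memory trust store holding only one user's enrolled certificate and checks the presented chain against it. The class and method names are hypothetical, and it assumes the presented chain has already reached the application and that both certificates are read from PEM files here in place of the request and the profile database.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Added example; PerUserTrust and its method names are hypothetical.
public class PerUserTrust {

    /** Builds a trust manager whose only trust anchor is this user's enrolled certificate. */
    static X509TrustManager trustManagerFor(X509Certificate enrolled) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                           // empty store, never written to disk
        ks.setCertificateEntry("enrolled", enrolled);  // the single per-user anchor
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** True only if the presented chain is currently valid and trusted for this user. */
    static boolean isTrustedForUser(X509Certificate[] chain, X509Certificate enrolled) throws Exception {
        if (chain == null || chain.length == 0) return false;
        try {
            chain[0].checkValidity();  // check dates explicitly; do not rely on the anchor lookup for this
            trustManagerFor(enrolled).checkClientTrusted(chain, chain[0].getPublicKey().getAlgorithm());
            return true;
        } catch (CertificateException e) {
            return false;              // expired, not yet valid, or not anchored in this user's store
        }
    }

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Usage: java PerUserTrust presented.pem enrolled.pem
    public static void main(String[] args) throws Exception {
        X509Certificate presented = load(args[0]);
        boolean ok = isTrustedForUser(new X509Certificate[] { presented }, load(args[1]));
        System.out.println(ok ? "trusted for this user" : "rejected");
    }
}
```

Because the store is rebuilt per user, a certificate enrolled by one account is never a trust anchor for another, and nothing has to be imported into the connector's global trust store.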