https://bz.apache.org/bugzilla/show_bug.cgi?id=67061
Bug ID: 67061
Summary: SSLVerifyClient="optionalNoCA" still not doing what it should
Product: Tomcat Native
Version: 1.2.37
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Library
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
I want to use a self-signed client certificate. Thus, to avoid the checks along
the certificate chain, I have set certificateVerification="optionalNoCA".
For some reason, I only manage to establish a connection without SSL handshake
problems if I provide my (self-created) CA certificate used to sign said
client certificate using caCertificateFile=... , as in the following server.xml
excerpt:
<SSLHostConfig certificateVerification="optionalNoCA"
caCertificateFile="myRootCA.crt.pem" >
I have tested the following versions (from dockerhub):
tomcat 8.5.0 tc-native 1.2.5
tomcat 9.0.0-M4 tc-native 1.2.5
tomcat 9.0.0-M27 tc-native 1.2.14
tomcat 9.0.79 tc-native 1.2.38
tomcat 10.0.27 tc-native 1.2.35
I have read https://bz.apache.org/bugzilla/show_bug.cgi?id=59616 and
https://bz.apache.org/bugzilla/show_bug.cgi?id=63894 so I was hoping all
problems around optionalNoCA are fixed.