DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=37869>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37869 Summary: Cannot obtain client certificate with SSL / client certificate authentication using APR components Product: Tomcat 5 Version: 5.5.12 Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Connector:HTTP AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] I configured tomcat to use SSL client-certificate authentication and i need to access the client certificate contained in the request. To do this, i use: Object cert = request.getAttribute("javax.servlet.request.X509Certificate"); If i do not use the APR components, this works correctly. If i use the APR components, instead, the object returned by the previous statement is always null. The authentication itself works correctly (for instance if CA not valid, certificate expired, etc..) in both cases. For use the APR components, i just put the binary files downloaded at: http://tomcat.heanet.ie/native/1.1.1/binaries/win32/ in the bin directory of my tomcat installation, according the guide found on tomcat site: http://tomcat.apache.org/tomcat-5.5-doc/apr.html This is the SSL HTTP connector extract from my server.xml (non APR version): <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="want" sslProtocol="TLS" truststoreFile="./tomcat5keystore.jks" truststorePass="xxx" keystoreFile="./tomcat5keystore.jks" keystorePass="xxx" /> This is the SSL HTTP connector extract from my server.xml (non APR version): <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="want" SSLEngine="on" SSLVerifyClient="optional" SSLCertificateFile="${catalina.base}/cert.crt" SSLCertificateKeyFile="${catalina.base}/key.pem" SSLCACertificateFile="${catalina.base}/ca_postecom.crt" SSLPassword="xxx" /> -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
