--- Comment #4 from Mark Thomas <> ---
Yes, this is JSSE style config only.

Yes, I was thinking along the lines you describe.

Regarding the custom trust manager, what I think Tomcat needs to do is
replicate what JSSE does which is:
- iterate through the provided TrustManager instances array and select the
first instance of X509TrustManager
- call getAcceptedIssuers() on that instance to get the list of acceptable CAs

Then Tomcat can pass that array of X509Certificates to OpenSSL.

That should then give us equivalent behaviour for the same configuration with
either implementation.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to