DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41382>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41382 Summary: SSL Client certificate not present in servlet attribute "javax.servlet.request.X509Certificate" when using APR connector Product: Tomcat 5 Version: 5.5.20 Platform: All OS/Version: Windows XP Status: NEW Keywords: PatchAvailable Severity: normal Priority: P2 Component: Connector:HTTP AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] When using APR/native HTTPS connector, based on OpenSSL, if the client connects to HTTPS connector with a valid client certificate, the client X509 certificate is not present in the array of certificates in the javax.servlet.request.X509Certificate ServletRequest attribute, only certificates from the CAs in the certification chain are present. If no CA certificate is sent by the client then the attribute is null. This is not compliant with Servlet Specification v2.3, in the section "SRV.4.7 SSL Attributes" which states: "If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate. The order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on." -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
