[Bug 67061] SSLVerifyClient="optionalNoCA" still not doing what it should

bugzilla Thu, 24 Aug 2023 23:38:30 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=67061


--- Comment #1 from ruedige...@yahoo.de ---
On top, the problem also exists in my local installation (Ubuntu 20.04, Java
17):

tomcat 9.0.55   tc-native 1.2.31   openssl 1.1.1f

Here is the relevant longer excerpt from server.xml (the rest is unchanged from
the default):

<Connector SSLEnabled="true" maxThreads="150" port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol">
  <SSLHostConfig certificateVerification="optionalNoCA"
caCertificateFile="myRootCA.crt.pem" >
    <Certificate certificateFile="localhost.crt"
certificateKeyFile="localhost.key" type="RSA"/>
  </SSLHostConfig>
</Connector>

If I remove the caCertificateFile attribute, I get handshake problems with my
self-signed certificate.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 67061] SSLVerifyClient="optionalNoCA" still not doing what it should

Reply via email to