https://issues.apache.org/bugzilla/show_bug.cgi?id=46950
Andr <an...@cabine.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |

--- Comment #4 from Andr <an...@cabine.org> 2009-04-15 04:03:39 PST ---
What works for you? Did you even read what I said? How can the browser know if a server trusts a certain certificate or not without even asking for it?

Let me explain the problem better. Most of my site runs without client cert checking, so I have SSLVerifyClient="none" on the connector. But I have one servlet that DOES want a client certificate, and so I configured the security restriction accordingly in the deployment descriptor. Just that one resource, not the entire site.

It's in these cases that an SSL renegotiation does not occur to ask for the client certificate. Tomcat only knows that I want a client certificate after the client sends the HTTP request.

Apache httpd has this feature, and someone on the Tomcat users list asked me to file this as a bug. Maybe it's just a missing feature.
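
The setup described in comment #4, sketched as an added example that is not part of the original bug report or of Tomcat's own code: a connector that requests no client certificate, plus a deployment descriptor that demands one for a single servlet. The port, file paths, URL pattern and role name are assumptions, as is the use of the CLIENT-CERT auth method and the APR connector; the comment only gives SSLVerifyClient="none".

```xml
<!-- conf/server.xml (fragment). Connector as described in the comment:
     the initial TLS handshake does not ask the client for a certificate.
     Port and certificate paths are placeholders. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           SSLCertificateFile="/path/to/server.crt"
           SSLCertificateKeyFile="/path/to/server.key"
           SSLVerifyClient="none" />

<!-- WEB-INF/web.xml (fragment). Only this one resource requires a
     client certificate; the rest of the site stays unauthenticated.
     URL pattern and role name are hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Certificate-protected servlet</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>certuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Reject the resource over plain HTTP -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <!-- The container learns that a certificate is needed only once a
       request for /secure/* has arrived, after the handshake is done -->
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>certuser</role-name>
</security-role>
```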