Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-04 Thread Mark Thomas
On 05/02/2018 02:14, Indunil Rathnayake wrote: Hi, On 2 February 2018 at 19:55, Christopher Schultz < ch...@christopherschultz.net> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 2/2/18 5:35 AM, Mark Thomas wrote: On 02/02/18 04:06, Christopher Schultz wrote: It seems

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-04 Thread Indunil Rathnayake
Hi, On 2 February 2018 at 19:55, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > > On 2/2/18 5:35 AM, Mark Thomas wrote: > > On 02/02/18 04:06, Christopher Schultz wrote: > > > > > > > >> It seems reasonable for Tomcat

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 2/2/18 5:35 AM, Mark Thomas wrote: > On 02/02/18 04:06, Christopher Schultz wrote: > > > >> It seems reasonable for Tomcat to verify that any "critical" >> key-use extensions are respected, and perhaps even some >> non-critical ones. >

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Indunil Rathnayake
Hi Chris, On 2 February 2018 at 09:36, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Indunil, > > On 2/1/18 7:33 AM, Indunil Rathnayake wrote: > > I have configured a tomcat connector for handling requests for a > >

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-02 Thread Mark Thomas
On 02/02/18 04:06, Christopher Schultz wrote: > It seems reasonable for Tomcat to verify that any "critical" key-use > extensions are respected, and perhaps even some non-critical ones. I'd assume that JSSE / OpenSSL do this automatically. Is there any evidence that they do not? Mark

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Indunil, On 2/1/18 7:33 AM, Indunil Rathnayake wrote: > I have configured a tomcat connector for handling requests for a > particular servlet and have configured a trust store for the > connector. Anyone knows whether tomcat handles validation of

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Indunil, On 2/1/18 6:15 PM, Indunil Rathnayake wrote: > Adding Chris There's no need to specifically CC list members. - -chris > On 1 February 2018 at 18:03, Indunil Rathnayake > wrote: > >> Hi, >> >> I have configured

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Indunil Rathnayake
Adding Chris On 1 February 2018 at 18:03, Indunil Rathnayake wrote: > Hi, > > I have configured a tomcat connector for handling requests for a > particular servlet and have configured a trust store for the connector. > Anyone knows whether tomcat handles validation of

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Indunil Rathnayake
Hi Chris, On 1 February 2018 at 20:25, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Indunil, > > On 2/1/18 7:29 AM, Indunil Rathnayake wrote: > > I have configured a tomcat connector for handling requests for a > > particular

Re: Mutual SSL client certificate validation(Key Usage and Extended Key Usage) in tomcat server

2018-02-01 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Indunil, On 2/1/18 7:29 AM, Indunil Rathnayake wrote: > I have configured a tomcat connector for handling requests for a > particular servlet and have configured a trust store for the > connector. Anyone knows whether tomcat handles validation of