TC 3.3.1 at the moment doesn't include a "CertificateRealm" (but contributions are welcome :). The certificate chain is made available to a custom Realm, or servlet that wants this information. However, Tomcat 3.3.1 doesn't use this information itself.
----- Original Message -----
From: "Christopher Todd" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 08, 2002 4:52 PM
Subject: SSL client auth support in TC 3.x and 4.x

> Is SSL client auth supported in versions of Tomcat prior to 4.x? In looking
> over the source code, I can see that in TC 4.1.10,
> Realm.authenticate(X509Certificate[] certs) authenticates a user based on
> the certificate chain that is presented. But in looking through the source
> for TC 3.3.1, I cannot find any calls to
> java(x).security.cert.X509Certificate.validate() or verify().
>
> Nonetheless, I can see classes like JSSESupport and PureTLSSupport that
> obtain the chain of certificates via
> javax.net.ssl.SSLSession.getPeerCertificateChain(), but for the life of me,
> I cannot find any classes that are actually using the array of certs that is
> returned. I have looked at the Realm class and its subclasses, and I have
> seen some things in the Http10Interceptor related to setting up the SSL
> socket, but it doesn't look to me like TC 3.3.1 supports client auth.
>
> Did I just miss it? If SSL client auth is supported in TC 3.x, could
> someone please point me to the class and method responsible for verifying
> and validating a client's identity using the certificate chain?
>
> Thanks in advance,
> Chris
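
The kind of check a servlet or custom Realm would have to perform itself on the chain discussed in this thread, as an added example that is not Tomcat code and not from either poster. `ClientCertCheck` and `authenticate` are hypothetical names, and the sketch assumes the connector exposes the chain under the Servlet-spec request attribute and that the caller supplies a trust store of accepted CA certificates.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper (not a Tomcat class): validates the TLS client chain in application code. */
public final class ClientCertCheck {
    // Request attribute the Servlet specification defines for the client certificate chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Returns the leaf certificate's subject DN if the chain validates, otherwise null. */
    public static String authenticate(HttpServletRequest req, KeyStore trustStore) {
        Object attr = req.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            return null; // no client certificate was requested or presented
        }
        // Leaf certificate first, as delivered by the SSL session.
        List<X509Certificate> certs = new ArrayList<>(Arrays.asList((X509Certificate[]) attr));
        X509Certificate last = certs.get(certs.size() - 1);
        if (certs.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            // A PKIX path excludes the root itself; trust must come from trustStore, not the peer.
            certs.remove(certs.size() - 1);
        }
        try {
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(certs);
            PKIXParameters params = new PKIXParameters(trustStore);
            // Assumption for this sketch: no CRL or OCSP source is configured.
            params.setRevocationEnabled(false);
            // Verifies signatures, validity dates and chaining to a trust anchor.
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return certs.get(0).getSubjectX500Principal().getName();
        } catch (GeneralSecurityException e) {
            return null; // fail closed: expired, untrusted or malformed chain
        }
    }
}
```

The returned DN is only an identity claim that has passed chain validation; mapping it to an application user and roles is the part a Realm would still need to supply.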