Bill Barker wrote:

----- Original Message ----- From: "Alain Baucant" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 16, 2004 12:13 AM
Subject: SSL connector to check Certificate Revocation List




Is it possible to define a CRL to be checked by Tomcat when using SSL?



Sounds like a good thing to add :).


If yes, with which tomcat version ?

If no, is it planned ?


Well, this is an O/S project :).  If you're willing to provide a patch,
probably soon.  If you are waiting for me to provide a patch, probably
whenever-I-have-time :).

I see two problems:


- If the CRL check (for SSL client auth) is done at the connector level (I'm not sure it will be the right patch) and not at the application level, I won't be able to catch a CRL check failure and redirect to a specific page.
It's a problem I already encountered: if the HTTPS connection can't be established (because no client cert or ...), Tomcat seems not to see the connection. So it doesn't redirect to an error page. And the application is not aware a connection has failed.
But I'd like to redirect as many HTTPS connection failures as possible to a specific page.


What do you think about it ?

- To do it properly, I'll need some help: where to patch the code, ... and I'm still not sure I'll do it right enough. But I could try (and try to find enough time, of course). I'll tell you.


Alain.




I apologize for disturbing developers with this question but I didn't
receive any answer on tomcat-user.

Thanks for your help,
Alain.


PS: Where can I find a full description of configuration attributes of the coyote connector ?



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





