If you are not using client-cert auth, this is just a useless waste of log-space (e.g. debugging statements that weren't removed). If you can waste the space, then you can safely ignore the warnings. Replacing tomcat-util.jar from the nightly (This is a pretty stable package, so not much risk) will fix the logs. If you are using client-cert auth with Coyote, then you must upgrade the jar file, since it is broken in 4.1.12 with Coyote unless you are using 'clientAuth="true"'.
"Francisco Queiros Pinto" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > I've just upgraded Tomcat 4.1.10 to 4.1.12. > When trying a secure connection, the browser asks me to > accept the server certificate and seems to achieve it. > However, contrary to the previous version, now the server > generates the following error: > > ---- (catalina.out) ---- > WARNING: Exception getting SSL attributes > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated > at > com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62 75) > at > org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.j ava:118) > ... > ---- > > To see if there was anything wrong with the old certificate > I've created a new certificate and started tomcat again. > However, as previously, the browser still seems to open a > secure connection with the server, but the server error still > persists. > > Is this a bug or a feature related with a security vulnerability > in the previous version? > > Anyone had similar problems? > Regards, > > > -- > Francisco -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
