Francisco Queiros Pinto wrote:

> Hi,
>
> I've just upgraded Tomcat 4.1.10 to 4.1.12.
> When trying a secure connection, the browser asks me to
> accept the server certificate and seems to achieve it.
> However, contrary to the previous version, now the server
> generates the following error:
>
> ---- (catalina.out) ----
> WARNING: Exception getting SSL attributes
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>         at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
>         ...
> ----
>
> To see if there was anything wrong with the old certificate
> I've created a new certificate with:
>
> keytool -genkey -alias tomcat -keyalg RSA
>
> and started tomcat again. However, as previously, the browser
> still seems to open a secure connection with the server, but
> the server error still persists.
>
> Is this a bug or a feature related to a security vulnerability
> in the previous version?

No, it's a warning that gets printed out although it shouldn't (basically, the connector tries to get the client certificate although client cert is not used). It has few ill effects except a performance decrease because the traces are printed out. It is already fixed in CVS, and will be fixed in the next release.

Remy
