The Tomcat version is 7.0.54 and the APR connector configuration looks like this:

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           connectionTimeout="600000"
           SSLPassword="pass"
           SSLCertificateFile="c:\programs\eis\tomcat-ssl\cert.crt"
           SSLCertificateKeyFile="c:\programs\eis\tomcat-ssl\cert.key"
           SSLCACertificateFile="c:\programs\eis\tomcat-ssl\cacert.pem"
           SSLVerifyClient="require" />

When the APR connector is used, the "javax.servlet.request.X509Certificate"
attribute in the request is null. This attribute should be filled by Tomcat's
Http11AprProcessor. The client certificate (SSLSocket.getInfoB(socketRef,
SSL.SSL_INFO_CLIENT_CERT)) is present in this processor, but retrieving
certLength (SSLSocket.getInfoI(socketRef, SSL.SSL_INFO_CLIENT_CERT_CHAIN))
returns an error (value -1), and therefore the aforementioned
"javax.servlet.request.X509Certificate" attribute is not filled. This
happens when using Chrome/Firefox but not with Internet Explorer.

This behavior was reported and fixed as a bug in Tomcat 5
(https://issues.apache.org/bugzilla/show_bug.cgi?id=37869) but apparently it
was changed back to the previous behavior in one of the Tomcat 6 releases.

Using the Java connector works fine, but we would like to have this work
with the APR connector as well.

Any ideas?

Thanks
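
A fail-closed check for the symptom described above, as an added example that is not part of the original post or of Tomcat: a servlet filter that rejects any request where the "javax.servlet.request.X509Certificate" attribute is missing and logs the negotiated cipher suite, so a connector that accepted the handshake but did not expose the certificate shows up in the logs. The class name RequireClientCertFilter is hypothetical, and the code assumes the Servlet 3.0 API that ships with Tomcat 7.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (added example): denies access when the container
// did not populate the client-certificate request attribute.
public class RequireClientCertFilter implements Filter {
    private static final Logger LOG =
            Logger.getLogger(RequireClientCertFilter.class.getName());
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private static final String CIPHER_ATTR = "javax.servlet.request.cipher_suite";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Object attr = req.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            // TLS may have been negotiated (secure=true, cipher set) while the
            // certificate attribute is still null; never treat that as authenticated.
            LOG.warning("No client certificate exposed: remote=" + req.getRemoteAddr()
                    + " secure=" + req.isSecure()
                    + " cipher=" + req.getAttribute(CIPHER_ATTR));
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        X509Certificate[] chainCerts = (X509Certificate[]) attr;
        // Per the Servlet specification, element 0 is the client's own certificate.
        LOG.fine("Client certificate subject="
                + chainCerts[0].getSubjectX500Principal().getName()
                + " chainLength=" + chainCerts.length);
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```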
