I'm converting an application from using Oracle Http Server which is a
version of Apache so I was just trying to keep the code close to the same.
It is going to use Tomcat and ORDS. We've got ORDS working and are just
setting up Tomcat to do the SSL stuff we needed to do.
I was using the SSLOptions +StdEnvVars settings that would set the
variables I needed as environment variables that I could then pick up in
Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
So, I guess if there is a different way of doing that without using CGI
Environment variables I can try that. I'm just having issues finding any
useful examples of what I want to do.
Thanks for your help, it is really appreciated.
On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
> The information you are looking for is not made available via Tomcat's
> standard CGI servlet. You would need to extend it and add the
> certificate information as an additional environment variable (or
> variables).
>
> Do you need to use CGI? It is fairly unusual to see CGI mention on this
> list these days.
>
> Mark
>
>
> On 11/06/2023 22:56, Timothy Ward wrote:
> > Doesn't seem to work via perl, where would I have to use that line of
> code?
> >
> > On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
> marty...@atomgraph.com>
> > wrote:
> >
> >> You can get client certificates from ServletRequest:
> >>
> >> X509Certificate[] certs =
> >>
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>
> >>
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>
> >> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <twardbite...@gmail.com>
> >> wrote:
> >>>
> >>> Tomcat 10.1 setup using certificateVerification="required" on Windows
> >>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and
> >> SSL_CLIENT_I_DN
> >>> via a CGI perl script? I think I have the SSLValve valve implemented,
> >> but
> >>> there is nothing for sure that tells me that it is.
> >>>
> >>> The browser prompts for the pin and authenticates just fine, I just
> need
> >> a
> >>> way to get some of the client certificate information.
> >>>
> >>> Thanks,
> >>> Tim
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
