If you decide to go the route of modifying Tomcat's CGI servlet, this is
probably where you'll want to add the TLS info:
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
You should be able to copy the source of Tomcat's CGI servlet, modify as
required and then just deploy it as part of the web application the same
way you would any other servlet.
Mark
On 12/06/2023 10:41, Timothy Ward wrote:
I'm converting an application from using Oracle Http Server which is a
version of Apache so I was just trying to keep the code close to the same.
It is going to use Tomcat and ORDS. We've got ORDS working and are just
setting up Tomcat to do the SSL stuff we needed to do.
I was using the SSLOptions +StdEnvVars settings that would set the
variables I needed as environment variables that I could then pick up in
Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
So, I guess if there is a different way of doing that without using CGI
Environment variables I can try that. I'm just having issues finding any
useful examples of what I want to do.
Thanks for your help, it is really appreciated.
On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
The information you are looking for is not made available via Tomcat's
standard CGI servlet. You would need to extend it and add the
certificate information as an additional environment variable (or
variables).
Do you need to use CGI? It is fairly unusual to see CGI mention on this
list these days.
Mark
On 11/06/2023 22:56, Timothy Ward wrote:
Doesn't seem to work via perl, where would I have to use that line of
code?
On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
marty...@atomgraph.com>
wrote:
You can get client certificates from ServletRequest:
X509Certificate[] certs =
(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <twardbite...@gmail.com>
wrote:
Tomcat 10.1 setup using certificateVerification="required" on Windows
Server 2019, is there a way to get the SSL_CLIENT_S_DN and
SSL_CLIENT_I_DN
via a CGI perl script? I think I have the SSLValve valve implemented,
but
there is nothing for sure that tells me that it is.
The browser prompts for the pin and authenticates just fine, I just
need
a
way to get some of the client certificate information.
Thanks,
Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
