Changing the CGI Servlet may be the easiest route, but if I wanted to use
it as intended, I'm guessing I would use the original Java code that you
sent below?
X509Certificate[] certs =
(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
I would just have to figure out how to do that within Oracle.
On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote:
> If you decide to go the route of modifying Tomcat's CGI servlet, this is
> probably where you'll want to add the TLS info:
>
>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
>
> You should be able to copy the source of Tomcat's CGI servlet, modify as
> required and then just deploy it as part of the web application the same
> way you would any other servlet.
>
> Mark
>
>
> On 12/06/2023 10:41, Timothy Ward wrote:
> > I'm converting an application from using Oracle Http Server which is a
> > version of Apache so I was just trying to keep the code close to the
> same.
> >
> > It is going to use Tomcat and ORDS. We've got ORDS working and are just
> > setting up Tomcat to do the SSL stuff we needed to do.
> >
> > I was using the SSLOptions +StdEnvVars settings that would set the
> > variables I needed as environment variables that I could then pick up in
> > Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> >
> > So, I guess if there is a different way of doing that without using CGI
> > Environment variables I can try that. I'm just having issues finding any
> > useful examples of what I want to do.
> >
> > Thanks for your help, it is really appreciated.
> >
> > On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
> >
> >> The information you are looking for is not made available via Tomcat's
> >> standard CGI servlet. You would need to extend it and add the
> >> certificate information as an additional environment variable (or
> >> variables).
> >>
> >> Do you need to use CGI? It is fairly unusual to see CGI mention on this
> >> list these days.
> >>
> >> Mark
> >>
> >>
> >> On 11/06/2023 22:56, Timothy Ward wrote:
> >>> Doesn't seem to work via perl, where would I have to use that line of
> >> code?
> >>>
> >>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
> >> marty...@atomgraph.com>
> >>> wrote:
> >>>
> >>>> You can get client certificates from ServletRequest:
> >>>>
> >>>> X509Certificate[] certs =
> >>>>
> >>>>
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>>
> >>>>
> >>>>
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>>>
> >>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <twardbite...@gmail.com
> >
> >>>> wrote:
> >>>>>
> >>>>> Tomcat 10.1 setup using certificateVerification="required" on Windows
> >>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and
> >>>> SSL_CLIENT_I_DN
> >>>>> via a CGI perl script? I think I have the SSLValve valve
> implemented,
> >>>> but
> >>>>> there is nothing for sure that tells me that it is.
> >>>>>
> >>>>> The browser prompts for the pin and authenticates just fine, I just
> >> need
> >>>> a
> >>>>> way to get some of the client certificate information.
> >>>>>
> >>>>> Thanks,
> >>>>> Tim
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>>> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>>>
> >>>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
