Hello all,

I have upgraded the Tomcat version from 9.0.85 to 9.0.86 (and tried with 9.0.87 too). Some of our tests which involve mutual authentication ("certificateVerification = optional") have started to fail. In tests where the client does pass the certificate, I didn't see any SSL handshake errors (with SSL handshake debugging enabled) but the "javax.servlet.request.X509Certificate" attribute wasn't set. This is the attribute the application needs for further validations.

Could anyone please give pointers on how to debug this further? Any code pointers where Tomcat sets this "javax.servlet.request.X509Certificate" attribute?

Also, one more question - with optional certificate verification, the connection doesn't fail if a certificate is not passed. But the connection will fail if the SSL handshake fails when a certificate is passed by the client, is that the correct understanding?

Thanks,
Amit