Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/05/16 20:40:33 UTC

DO NOT REPLY [Bug 19991] - SSL support with mod_jk2 broken

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19991

------- Additional Comments From drodriguez@divisait.com  2003-05-16 18:40 -------
First of all, excuse me for my poor English. I wrote the previous message very 
quickly, so... I hope that you can understand it better now.

Some time ago, I reported a bug that was a duplicate of #15790. This bug 
(resolved) states that if you are using Apache2 as an SSL frontend for Tomcat 
4.1 with mod_jk2, you couldn't recover client certificates (you receive an 
IOException). In this bug it is suggested that we apply a patch for 
JkCoyoteHandler.java.

After applying this bug, I'm able to recover the client certificate from the 
application, with no annoying exception.

But, as we have tested in our application, this behavior still isn't correct. I 
propose that you follow this test case:

1. Create a Web Application (just a JSP) that recovers the client certificate 
from the request.

2. Use Apache2 (with SSL) and mod_jk2 as a frontend for this application. 
Configure SSL to support client certificates, but in an optional way.

3. From PC #1 launch an IExplore (e.g.). Go to the application 
(https://.../myApp/myPage.jsp); you will be asked for a client certificate. 
Suppose that you give your certificate #C1.

4. From PC #2 launch another IExplore. Go to the application, and when you are 
asked for a certificate, click on Cancel. Your JSP application should be 
expected to print a null for the client certificate; the surprise arrives when 
the certificate printed is #C1.

I hope this can be understood better. I'll try to prepare a test case and 
publish it as an attachment.

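
A minimal page for step 1 of the test case above, as an added example that is not part of the original bug comment or the Tomcat code base: it prints the client certificate read from the standard Servlet request attribute next to the caller's address, so the response seen on PC #2 can be compared with the certificate presented on PC #1. The file name myPage.jsp comes from the URL in step 3; the output layout and the extra diagnostic fields are assumptions.

```jsp
<%@ page contentType="text/plain" session="false"
         import="java.security.cert.X509Certificate" %>
<%
    // myPage.jsp: added example for reproducing the report, not project code.

    // Standard Servlet API attribute that carries the client certificate
    // chain when the connection was authenticated with one.
    X509Certificate[] chain = (X509Certificate[])
            request.getAttribute("javax.servlet.request.X509Certificate");

    // Keep browsers and proxies from caching the page, so a stale copy
    // cannot be mistaken for a certificate returned by the server.
    response.setHeader("Cache-Control", "no-store");
    response.setHeader("Pragma", "no-cache");

    // Diagnostic fields (assumed layout) to tell the two requests apart.
    out.println("time        : " + new java.util.Date());
    out.println("remote addr : " + request.getRemoteAddr());
    out.println("secure      : " + request.isSecure());
    out.println("thread      : " + Thread.currentThread().getName());

    if (chain == null || chain.length == 0) {
        // Expected result on PC #2 after clicking Cancel.
        out.println("client cert : null");
    } else {
        // First element is the client's own certificate.
        X509Certificate cert = chain[0];
        out.println("client cert : " + cert.getSubjectDN());
        out.println("issuer      : " + cert.getIssuerDN());
        out.println("serial      : " + cert.getSerialNumber().toString(16));
    }
%>
```

A response on PC #2 that shows the subject and serial of #C1 together with PC #2's own remote address reproduces the behavior described in step 4.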