Posted to users@tomcat.apache.org by Francisco Queiros Pinto <fr...@computing-services.oxford.ac.uk> on 2002/09/27 19:57:25 UTC
SSL Broken in 4.1.12?
Hi,
I've just upgraded Tomcat 4.1.10 to 4.1.12.
When trying a secure connection, the browser asks me to
accept the server certificate and seems to achieve it.
However, contrary to the previous version, now the server
generates the following error:
---- (catalina.out) ----
WARNING: Exception getting SSL attributes
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
    at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
...
----
To see if there was anything wrong with the old certificate
I've created a new certificate and started tomcat again.
However, as previously, the browser still seems to open a
secure connection with the server, but the server error still
persists.
Is this a bug or a feature related with a security vulnerability
in the previous version?
Anyone had similar problems?
Regards,
--
Francisco
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: SSL Broken in 4.1.12?
Posted by Bill Barker <re...@verizon.net>.
If you are not using client-cert auth, this is just a useless waste of
log-space (e.g. debugging statements that weren't removed). If you can
waste the space, then you can safely ignore the warnings. Replacing
tomcat-util.jar from the nightly (This is a pretty stable package, so not
much risk) will fix the logs. If you are using client-cert auth with
Coyote, then you must upgrade the jar file, since it is broken in 4.1.12
with Coyote unless you are using 'clientAuth="true"'.
"Francisco Queiros Pinto" <fr...@computing-services.oxford.ac.uk>
wrote in message news:3D949C05.3090804@computing-services.oxford.ac.uk...
> Hi,
>
> I've just upgraded Tomcat 4.1.10 to 4.1.12.
> When trying a secure connection, the browser asks me to
> accept the server certificate and seems to achieve it.
> However, contrary to the previous version, now the server
> generates the following error:
>
> ---- (catalina.out) ----
> WARNING: Exception getting SSL attributes
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>     at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
> ...
> ----
>
> To see if there was anything wrong with the old certificate
> I've created a new certificate and started tomcat again.
> However, as previously, the browser still seems to open a
> secure connection with the server, but the server error still
> persists.
>
> Is this a bug or a feature related with a security vulnerability
> in the previous version?
>
> Anyone had similar problems?
> Regards,
>
>
> --
> Francisco
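An added example (not from the thread and not Tomcat's code) of the JSSE behaviour behind the warning: asking a session for the peer's certificates when the client presented none throws SSLPeerUnverifiedException, so calling code should branch on it rather than log it on every request. The class, method and flag names are hypothetical, and it uses getPeerCertificates, the current counterpart of the getPeerCertificateChain call in the trace.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical helper class for illustration; not Tomcat code.
public class PeerCertCheck {

    // Returns the peer's X.509 chain, or an empty list when the peer
    // presented no certificate (the "peer not authenticated" case).
    static List<X509Certificate> clientChain(SSLSession session) {
        List<X509Certificate> chain = new ArrayList<>();
        try {
            for (Certificate c : session.getPeerCertificates()) {
                if (c instanceof X509Certificate) {
                    chain.add((X509Certificate) c);
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // Expected whenever no client certificate was requested or sent;
            // this is a state to branch on, not an error to log per request.
        }
        return chain;
    }

    // certRequired is an assumed flag standing for "this deployment
    // relies on client-cert auth" (compare clientAuth in server.xml).
    static String decide(SSLSession session, boolean certRequired) {
        List<X509Certificate> chain = clientChain(session);
        if (!chain.isEmpty()) {
            return "authenticated: " + chain.get(0).getSubjectX500Principal().getName();
        }
        return certRequired ? "reject: client certificate required" : "anonymous TLS client";
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an engine's session before any handshake has
        // no peer certificates, like a connection without a client cert.
        SSLSession session = SSLContext.getDefault().createSSLEngine().getSession();
        System.out.println(decide(session, false));
        System.out.println(decide(session, true));
    }
}
```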
Re: SSL Broken in 4.1.12?
Posted by Alexey Lischinsky <oa...@directvinternet.com>.
Maybe I'm wrong, but try to check the connector settings in
$CATALINA_HOME/conf/server.xml for SSL.
I have the following:
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="7443" [skip] scheme="https" secure="true">
<Factory className="[skip]" clientAuth="false" keystorePass="[skip]"
protocol="TLS"/>
</Connector>
In the Factory element, the clientAuth attribute should be false, or the server
will need a client certificate.
Good luck!
Alexey.
----- Original Message -----
From: "Francisco Queiros Pinto"
<fr...@computing-services.oxford.ac.uk>
To: <to...@jakarta.apache.org>
Sent: Friday, September 27, 2002 10:57 AM
Subject: SSL Broken in 4.1.12?
> Hi,
>
> I've just upgraded Tomcat 4.1.10 to 4.1.12.
> When trying a secure connection, the browser asks me to
> accept the server certificate and seems to achieve it.
> However, contrary to the previous version, now the server
> generates the following error:
>
> ---- (catalina.out) ----
> WARNING: Exception getting SSL attributes
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>     at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
> ...
> ----
>
> To see if there was anything wrong with the old certificate
> I've created a new certificate and started tomcat again.
> However, as previously, the browser still seems to open a
> secure connection with the server, but the server error still
> persists.
>
> Is this a bug or a feature related with a security vulnerability
> in the previous version?
>
> Anyone had similar problems?
> Regards,
>
>
> --
> Francisco
Re: SSL Broken in 4.1.12?
Posted by Brad Plies <pl...@yahoo.com>.
I hate being one that says "works for me!", but it
does. However, I did have a momentary problem too
after I upgraded from 4.0.4 to 4.1.12, but that was
because I forgot to copy a /keys directory.
Never have witnessed that backtrace before, it almost
looks like there is a requirement that the client
authenticates via SSL? Personal certs?
--- Francisco Queiros Pinto
<fr...@computing-services.oxford.ac.uk>
wrote:
> Hi,
>
> I've just upgraded Tomcat 4.1.10 to 4.1.12.
> When trying a secure connection, the browser asks me to
> accept the server certificate and seems to achieve it.
> However, contrary to the previous version, now the server
> generates the following error:
>
> ---- (catalina.out) ----
> WARNING: Exception getting SSL attributes
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>     at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
> ...
> ----
>
> To see if there was anything wrong with the old certificate
> I've created a new certificate and started tomcat again.
> However, as previously, the browser still seems to open a
> secure connection with the server, but the server error still
> persists.
>
> Is this a bug or a feature related with a security vulnerability
> in the previous version?
>
> Anyone had similar problems?
> Regards,
>
>
> --
> Francisco