Posted to users@tomcat.apache.org by Florian Rock <fl...@web.de> on 2006/07/10 16:33:40 UTC
forward SSL-Certificate to ActionContext with Tomcat Native
Hello guys,

I verify clients by certificate in my application.
X509Certificate[] certs =
(X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");

This works fine with a connector like:
<Connector port="8443" maxHttpHeaderSize="8192"
keystoreFile="conf/keystore.jks" keystorePass="pw"
truststoreFile="conf/truststore.jks" truststorePass="pw"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="want" sslProtocol="TLS" />

But I want to use Apache Portable Runtime with Tomcat (libtcnative).
Because APR comes with OpenSSL-specific Connector attributes, I have to
change the connector to:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEngine="on"
SSLCertificateFile="${catalina.base}/conf/ssl.server/server.crt"
SSLCertificateKeyFile="${catalina.base}/conf/ssl.server/server.key"
SSLVerifyClient="optional"
SSLCACertificatePath="${catalina.base}/conf/ssl.client"
SSLOptions="+StdEnvVars +ExportCertData"
/>

ClientAuth works fine with Tomcat, but the certificate is not forwarded to
the ActionContext, so
X509Certificate[] certs =
(X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
returns null.

I use:
Apache Tomcat 5.5.17
OpenSSL 0.9.7e
Tomcat Native 1.1.3

greets
Florian
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
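
Added example, not part of the original post and not Tomcat code: with clientAuth="want" or SSLVerifyClient="optional" the TLS handshake succeeds even when no client certificate is presented or exposed, so the application has to treat a null attribute as "unauthenticated" and deny access. ClientCertGate and require() are hypothetical names; the helper takes the value of request.getAttribute(...) so it runs with the JDK alone.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/** Added example (hypothetical helper, not from the original post). */
public final class ClientCertGate {
    // Attribute name used in the post; it is defined by the Servlet specification.
    public static final String ATTR = "javax.servlet.request.X509Certificate";

    private ClientCertGate() {}

    /**
     * Returns the client's own certificate (index 0 of the chain) or throws.
     * Call as: ClientCertGate.require(request.getAttribute(ClientCertGate.ATTR)).
     * A null, mistyped or empty value is rejected instead of being cast blindly,
     * so a connector that does not populate the attribute fails closed.
     */
    public static X509Certificate require(Object attr) throws CertificateException {
        if (!(attr instanceof X509Certificate[])) {
            throw new CertificateException("no client certificate on request");
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0 || chain[0] == null) {
            throw new CertificateException("empty client certificate chain");
        }
        // Rejects expired and not-yet-valid certificates (both are CertificateException subclasses).
        chain[0].checkValidity();
        return chain[0];
    }

    public static void main(String[] args) {
        // Constructed inputs: what the application can see when no certificate is exposed.
        Object[] samples = { null, new X509Certificate[0], "not a chain" };
        for (Object sample : samples) {
            try {
                require(sample);
                System.out.println("accepted");
            } catch (CertificateException e) {
                System.out.println("denied: " + e.getMessage());
            }
        }
    }
}
```

Every constructed sample is denied, which is the behaviour the application needs when the attribute comes back null as described in the post.
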
Re: forward SSL-Certificate to ActionContext with Tomcat Native
Posted by Florian Rock <fl...@web.de>.
Hello,

The answer is very simple:
this is a bug in the APR components (the https connector):
http://issues.apache.org/bugzilla/show_bug.cgi?id=37869

That's the reason why I'm not able to use APR :(

greets
Florian

Florian Rock wrote:
> Hello guys,
>
> I verify clients by certificate in my application.
> X509Certificate[] certs =
> (X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
>
> This works fine with a connector like:
> <Connector port="8443" maxHttpHeaderSize="8192"
> keystoreFile="conf/keystore.jks" keystorePass="pw"
> truststoreFile="conf/truststore.jks" truststorePass="pw"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="want" sslProtocol="TLS" />
>
> But I want to use Apache Portable Runtime with Tomcat (libtcnative).
> Because APR comes with OpenSSL-specific Connector attributes, I have to
> change the connector to:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> SSLEngine="on"
> SSLCertificateFile="${catalina.base}/conf/ssl.server/server.crt"
> SSLCertificateKeyFile="${catalina.base}/conf/ssl.server/server.key"
> SSLVerifyClient="optional"
> SSLCACertificatePath="${catalina.base}/conf/ssl.client"
> SSLOptions="+StdEnvVars +ExportCertData"
> />
>
> ClientAuth works fine with Tomcat, but the certificate is not forwarded to
> the ActionContext, so
> X509Certificate[] certs =
> (X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
> returns null.
>
> I use:
> Apache Tomcat 5.5.17
> OpenSSL 0.9.7e
> Tomcat Native 1.1.3
>
> greets
> Florian