You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Florian Rock <fl...@web.de> on 2006/07/10 16:33:40 UTC

forward SSL-Certificate to ActionContext with Tomcat Native

Hello guys,

I verify clients by Certificate in my Application.
X509Certificate[] certs =
(X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");

this works fine with connector like:
<Connector port="8443" maxHttpHeaderSize="8192"
               keystoreFile="conf/keystore.jks" keystorePass="pw"
               truststoreFile="conf/truststore.jks" truststorePass="pw"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS" />

but i want to use Apache Portable Runtime with Tomcat (libtcnative).
because APR comes with OpenSSL specific Connector attributes i have to
change connector to:

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEngine="on"
              
SSLCertificateFile="${catalina.base}/conf/ssl.server/server.crt"               

              
SSLCertificateKeyFile="${catalina.base}/conf/ssl.server/server.key"
               SSLVerifyClient="optional"
               SSLCACertificatePath="${catalina.base}/conf/ssl.client"
               SSLOptions="+StdEnvVars +ExportCertData"
    />

ClientAuth works fine with Tomcat but Certificate got not forwarded to
ActionContext:
so X509Certificate[] certs =
(X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
returns null.

i use:
Apache Tomcat 5.5.17
OpenSSL 0.9.7e
Tomcat Native 1.1.3

greets
Florian





---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: forward SSL-Certificate to ActionContext with Tomcat Native

Posted by Florian Rock <fl...@web.de>.

Hello,

the answer is very simple:
this is a bug in APR components (the https connector)
http://issues.apache.org/bugzilla/show_bug.cgi?id=37869

thats the reason why i don't able to use apr :(

greets
Florian

Florian Rock schrieb:
> Hello guys,
>
> I verify clients by Certificate in my Application.
> X509Certificate[] certs =
> (X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
>
> this works fine with connector like:
> <Connector port="8443" maxHttpHeaderSize="8192"
>                keystoreFile="conf/keystore.jks" keystorePass="pw"
>                truststoreFile="conf/truststore.jks" truststorePass="pw"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                clientAuth="want" sslProtocol="TLS" />
>
> but i want to use Apache Portable Runtime with Tomcat (libtcnative).
> because APR comes with OpenSSL specific Connector attributes i have to
> change connector to:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                SSLEngine="on"
>               
> SSLCertificateFile="${catalina.base}/conf/ssl.server/server.crt"               
>
>               
> SSLCertificateKeyFile="${catalina.base}/conf/ssl.server/server.key"
>                SSLVerifyClient="optional"
>                SSLCACertificatePath="${catalina.base}/conf/ssl.client"
>                SSLOptions="+StdEnvVars +ExportCertData"
>     />
>
> ClientAuth works fine with Tomcat but Certificate got not forwarded to
> ActionContext:
> so X509Certificate[] certs =
> (X509Certificate[])context.getRequest().getAttribute("javax.servlet.request.X509Certificate");
> returns null.
>
> i use:
> Apache Tomcat 5.5.17
> OpenSSL 0.9.7e
> Tomcat Native 1.1.3
>
> greets
> Florian
>
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org