DO NOT REPLY [Bug 49335] Client certificate not passed to Tomcat

[bu...@apache.org]

https://issues.apache.org/bugzilla/show_bug.cgi?id=49335

--- Comment #1 from Konstantin Kolinko <kn...@gmail.com> 2010-05-24 20:03:24 EDT ---
Is it reproducible in 7.0 RC3 only, or in 6.0.x as well?

Is Tomcat running with 32-bit or 64-bit JRE? Is Tomcat-Native used?

Does this certificate fit into a single AJP packet, along with other request
headers? Sure that it does fit, because otherwise there must be an error
logged.

I wonder, how the AJP packet created by mod_jk differs from the one created by
mod_proxy_ajp.


In mod_jk the place where SSL certificate is appended to the packet is
native\common\jk_ajp_common.c
-- look for SC_A_SSL_CERT there

In mod_proxy_ajp of Apache 2.2.x the SSL certificates are appended in
modules\proxy\ajp_header.c
-- look for SC_A_SSL_CERT there

By quick look the code there looks quite similar, but there might be a
difference on how information on the presence of a certificate is obtained.

What JkOptions directives are used in the configuration?
I see that mod_jk can send a whole certificate chain if +ForwardSSLCertChain
option is used (off by default). It looks that mod_proxy_ajp cannot send the
certificate chain.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org