You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Bob Herrmann <bo...@jadn.com> on 2002/10/03 23:27:17 UTC

SSL Client-Auth

Hi.  I have been looking into a problem with Tomcat5, ClientAuth=false,
and JSSE in JDK1.4 and it seems like the JSSE has a problem.

Namely if you build an SSL socket, then later decide you need to
exchange certs with the client (ie. CLIENT-CERT), then the 

	SSlSocket.startHandshake()

method is called.  Unfortunately this method is asynchronous, and waits
for a read() or write() to occur before it does it's work.  TC5
processes requests kinda like this; a Request comes in, TC5 checks to
see if the Resource is protected, then a negotiation may start.  However
JSSE won't initiate a cert exchange unless a Read() or a Write() happens
on the socket, but TC5 doesn't have anything it wants to write or read
when the 'startHandshake()' is called.... 

I have been playing around with using a sendRedirect() back to the same
page, but boy does that seem messy.

Any ideas?
-bob

P.S. I tweaked the JSSE sample programs to demonstrate the problem
outside of Tomcat.  If anyone wants a copy - just ask.





--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>