You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Bob Herrmann <bo...@jadn.com> on 2002/10/03 23:27:17 UTC
SSL Client-Auth
Hi. I have been looking into a problem with Tomcat5, ClientAuth=false,
and JSSE in JDK1.4 and it seems like the JSSE has a problem.
Namely if you build an SSL socket, then later decide you need to
exchange certs with the client (ie. CLIENT-CERT), then the
SSlSocket.startHandshake()
method is called. Unfortunately this method is asynchronous, and waits
for a read() or write() to occur before it does it's work. TC5
processes requests kinda like this; a Request comes in, TC5 checks to
see if the Resource is protected, then a negotiation may start. However
JSSE won't initiate a cert exchange unless a Read() or a Write() happens
on the socket, but TC5 doesn't have anything it wants to write or read
when the 'startHandshake()' is called....
I have been playing around with using a sendRedirect() back to the same
page, but boy does that seem messy.
Any ideas?
-bob
P.S. I tweaked the JSSE sample programs to demonstrate the problem
outside of Tomcat. If anyone wants a copy - just ask.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>