You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by co...@apache.org on 2003/04/16 21:23:35 UTC
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE14Support.java
costin 2003/04/16 12:23:35
Modified: util/java/org/apache/tomcat/util/net/jsse JSSE14Support.java
Log:
Allow connections from clients with untrusted certificates.
The connection will be secure, but the cert can't be verified.
We should try to extract the cert even if it can't be verified - but that's more
complex ( JSSE throws exception "Invalid certificate" )
Revision Changes Path
1.3 +14 -3 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java
Index: JSSE14Support.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- JSSE14Support.java 29 Mar 2003 07:37:25 -0000 1.2
+++ JSSE14Support.java 16 Apr 2003 19:23:34 -0000 1.3
@@ -140,10 +140,21 @@
}
}
+ /** Return the X509certificates or null if we can't get them.
+ * XXX We should allow unverified certificates
+ */
protected X509Certificate [] getX509Certificates(SSLSession session)
- throws IOException {
- Certificate [] certs = session.getPeerCertificates();
- X509Certificate [] x509Certs = new X509Certificate[certs.length];
+ throws IOException
+ {
+ Certificate [] certs=null;
+ try {
+ certs = session.getPeerCertificates();
+ } catch( Throwable t ) {
+ return null;
+ }
+ if( certs==null ) return null;
+
+ X509Certificate [] x509Certs = new X509Certificate[certs.length];
for(int i=0; i < certs.length; i++) {
if( certs[i] instanceof X509Certificate ) {
// always currently true with the JSSE 1.1.x
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org