Posted to dev@tomcat.apache.org by co...@apache.org on 2003/04/16 21:23:35 UTC

cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE14Support.java

costin      2003/04/16 12:23:35

  Modified:    util/java/org/apache/tomcat/util/net/jsse JSSE14Support.java
  Log:
  Allow connections from clients with untrusted certificates.
  The connection will be secure, but the cert can't be verified.
  
  We should try to extract the cert even if it can't be verified - but that's more
  complex ( JSSE throws exception "Invalid certificate" )
  
  Revision  Changes    Path
  1.3       +14 -3     jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java
  
  Index: JSSE14Support.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- JSSE14Support.java	29 Mar 2003 07:37:25 -0000	1.2
  +++ JSSE14Support.java	16 Apr 2003 19:23:34 -0000	1.3
  @@ -140,10 +140,21 @@
           }
       }
   
  +    /** Return the X509certificates or null if we can't get them.
  +     *  XXX We should allow unverified certificates 
  +     */ 
       protected X509Certificate [] getX509Certificates(SSLSession session) 
  -	throws IOException {
  -	Certificate [] certs = session.getPeerCertificates();
  -	X509Certificate [] x509Certs = new X509Certificate[certs.length];
  +	throws IOException 
  +    {
  +        Certificate [] certs=null;
  +        try {
  +	    certs = session.getPeerCertificates();
  +        } catch( Throwable t ) {
  +            return null;
  +        }
  +        if( certs==null ) return null;
  +        
  +        X509Certificate [] x509Certs = new X509Certificate[certs.length];
   	for(int i=0; i < certs.length; i++) {
   	    if( certs[i] instanceof X509Certificate ) {
   		// always currently true with the JSSE 1.1.x
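Review bot: The added `catch( Throwable t )` around `session.getPeerCertificates()` swallows every failure, including `Error`s such as `OutOfMemoryError`, and returns the same `null` used for "no certificate available", so a caller cannot tell an unverified peer from an internal fault. Narrow it to the exception `SSLSession.getPeerCertificates()` declares for an unverified peer, `} catch( SSLPeerUnverifiedException e ) {`, and record the reason through whatever logger this class has before `return null;`. The new Javadoc should also say that `null` means no verified client identity exists, so any caller that uses these certificates for client authentication must treat `null` as unauthenticated rather than as success. The body of getX509Certificates continues past the end of the hunk, so how the loop handles non-X509 entries is not visible here.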
  
  
  
