Posted to dev@tomcat.apache.org by yo...@apache.org on 2006/12/24 17:29:28 UTC

svn commit: r490037 - in /tomcat/container/tc5.5.x: catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java webapps/docs/config/http.xml webapps/docs/ssl-howto.xml

Author: yoavs
Date: Sun Dec 24 08:29:27 2006
New Revision: 490037

URL: http://svn.apache.org/viewvc?view=rev&rev=490037
Log:
Bugzilla 34643: better documentation of per-user / per-session clientAuth usage.

Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
    tomcat/container/tc5.5.x/webapps/docs/config/http.xml
    tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java Sun Dec 24 08:29:27 2006
@@ -38,6 +38,9 @@
  * An <b>Authenticator</b> and <b>Valve</b> implementation of authentication
  * that utilizes SSL certificates to identify client users.
  *
+ * You will likely want to read the SSL HowTo in the Tomcat documentation:
+ * http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
+ *
  * @author Craig R. McClanahan
  * @version $Revision$ $Date$
  */
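Review bot: The added Javadoc lines start a new paragraph without a <p> tag, so in the rendered Javadoc they will run straight on from "that utilizes SSL certificates to identify client users." and the bare URL will not be clickable. Suggest opening the paragraph with <p> and either wrapping the URL in an <a href="..."> element or moving it to an @see tag. The sentence would also be more useful if it said what the HowTo covers for this class (clientAuth configuration) instead of "You will likely want to read".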

Modified: tomcat/container/tc5.5.x/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/config/http.xml?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/config/http.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/config/http.xml Sun Dec 24 08:29:27 2006
@@ -423,7 +423,8 @@
       value (which is the default) will not require a certificate chain
       unless the client requests a resource protected by a security
       constraint that uses <code>CLIENT-CERT</code> authentication. See the
-      <a href="../ssl-howto.html">SSL HowTo</a> for an example.</p>
+      <a href="../ssl-howto.html">SSL HowTo</a> for an example.  That SSL HowTo
+      also contains tips on using per-user or per-session certificate-based clientAuth.</p>
     </attribute>
 
     <attribute name="keystoreFile" required="false">
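Review bot: The new sentence states that the SSL HowTo "contains tips on using per-user or per-session certificate-based clientAuth", but the ssl-howto.xml hunks in this same commit only add links to Bugzilla 34643, so a reader following this reference takes two hops and finds no tips in the HowTo itself. Either word it as a pointer ("links to a discussion of ...") or put the guidance into the HowTo. For consistency with <code>CLIENT-CERT</code> two lines up, clientAuth should be wrapped in <code> as well.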

Modified: tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml Sun Dec 24 08:29:27 2006
@@ -8,7 +8,7 @@
 
     <properties>
         <author email="ccain@apache.org">Christopher Cain</author>
-        <author email="yoavs@apache.org">Yoav Shapira</author>
+        <author>Yoav Shapira</author>
         <title>SSL Configuration HOW-TO</title>
     </properties>
 
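Review bot: Removing the email attribute from the second <author> element is not covered by the log message, which only mentions documentation for Bugzilla 34643, and it leaves the two author entries inconsistent because the first one still carries an email attribute. Suggest either mentioning the change in the log or committing it separately so the history for this file stays searchable by intent.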
@@ -288,7 +288,7 @@
 <p><strong>Note:</strong> your private key password and keystore password
 should be the same.  If they differ, you will get an error along the lines
 of <code>java.io.IOException: Cannot recover key</code>, as documented in 
-<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38217">Bugzilla issue 38217</a>, 
+<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38217">Bugzilla 38217</a>, 
 which contains further references for this issue.</p>
 
 </subsection>
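Review bot: The link text is shortened to "Bugzilla 38217" to match the "Bugzilla 34643" links added further down, but the result is still not uniform: the new links carry a title attribute and this one does not, and the existing link to bug 22679 in the last hunk's context still reads just "Bugzilla". If the goal is a consistent citation style, apply it to all three; otherwise this cosmetic change would sit better in its own commit.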
@@ -350,6 +350,9 @@
         all SSL clients to present a client Certificate in order to use
         this socket.  Set this value to <code>want</code> if you want Tomcat
         to request a client Certificate, but not fail if one isn't presented.
+        For using clientAuth on a per-user or per-session basis, check out
+        the tips in 
+        <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34643" title="Bugzilla 34643">Bugzilla 34643</a>.
     </td>
   </tr>
   <tr>
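Review bot: The added text in the clientAuth attribute description sends readers to a bug tracker thread for "tips" instead of stating the approach in the documentation, so the guidance for a security-relevant setting lives outside the versioned docs. The http.xml text in this same commit already describes the mechanism (leave clientAuth at false and protect the resource with a security constraint that uses CLIENT-CERT); suggest summarising that here in one sentence and keeping the Bugzilla link as a reference. "check out" is also more informal than the surrounding text, and clientAuth should be in <code> like <code>want</code> above.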
@@ -558,6 +561,13 @@
 For additional discussion on this area, please see
 <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=22679">Bugzilla</a>.
 </p>
+
+<p>For tips on using clientAuth on a per-user or per-session basis, and also for
+using clientAuth with self-signed or expired client certificates, please see the
+discussion in 
+<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34643" title="Bugzilla 34643">Bugzilla 34643</a>.
+</p>
+
 </section>
 
 </body>
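Review bot: The new paragraph advertises tips for using clientAuth "with self-signed or expired client certificates" without saying what that costs: accepting expired certificates relaxes the validation that client-certificate authentication depends on, and self-signed certificates only make sense when each one is explicitly trusted. Suggest adding a sentence on when this is acceptable (for example test environments) or splitting it from the per-user / per-session pointer, which is a different topic. This paragraph also repeats the Bugzilla 34643 link already added to the clientAuth table row in the previous hunk, so one of the two could refer to the other.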


