You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by yo...@apache.org on 2006/12/24 17:29:28 UTC
svn commit: r490037 - in /tomcat/container/tc5.5.x:
catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
webapps/docs/config/http.xml webapps/docs/ssl-howto.xml
Author: yoavs
Date: Sun Dec 24 08:29:27 2006
New Revision: 490037
URL: http://svn.apache.org/viewvc?view=rev&rev=490037
Log:
Bugzilla 34643: better documentation of per-user / per-session clientAuth usage.
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
tomcat/container/tc5.5.x/webapps/docs/config/http.xml
tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java Sun Dec 24 08:29:27 2006
@@ -38,6 +38,9 @@
* An <b>Authenticator</b> and <b>Valve</b> implementation of authentication
* that utilizes SSL certificates to identify client users.
*
+ * You will likely want to read the SSL HowTo in the Tomcat documentation:
+ * http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
+ *
* @author Craig R. McClanahan
* @version $Revision$ $Date$
*/
Modified: tomcat/container/tc5.5.x/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/config/http.xml?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/config/http.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/config/http.xml Sun Dec 24 08:29:27 2006
@@ -423,7 +423,8 @@
value (which is the default) will not require a certificate chain
unless the client requests a resource protected by a security
constraint that uses <code>CLIENT-CERT</code> authentication. See the
- <a href="../ssl-howto.html">SSL HowTo</a> for an example.</p>
+ <a href="../ssl-howto.html">SSL HowTo</a> for an example. That SSL HowTo
+ also contains tips on using per-user or per-session certificate-based clientAuth.</p>
</attribute>
<attribute name="keystoreFile" required="false">
Modified: tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml Sun Dec 24 08:29:27 2006
@@ -8,7 +8,7 @@
<properties>
<author email="ccain@apache.org">Christopher Cain</author>
- <author email="yoavs@apache.org">Yoav Shapira</author>
+ <author>Yoav Shapira</author>
<title>SSL Configuration HOW-TO</title>
</properties>
@@ -288,7 +288,7 @@
<p><strong>Note:</strong> your private key password and keystore password
should be the same. If they differ, you will get an error along the lines
of <code>java.io.IOException: Cannot recover key</code>, as documented in
-<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38217">Bugzilla issue 38217</a>,
+<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=38217">Bugzilla 38217</a>,
which contains further references for this issue.</p>
</subsection>
@@ -350,6 +350,9 @@
all SSL clients to present a client Certificate in order to use
this socket. Set this value to <code>want</code> if you want Tomcat
to request a client Certificate, but not fail if one isn't presented.
+ For using clientAuth on a per-user or per-session basis, check out
+ the tips in
+ <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34643" title="Bugzilla 34643">Bugzilla 34643</a>.
</td>
</tr>
<tr>
@@ -558,6 +561,13 @@
For additional discussion on this area, please see
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=22679">Bugzilla</a>.
</p>
+
+<p>For tips on using clientAuth on a per-user or per-session basis, and also for
+using clientAuth with self-signed or expired client certificates, please see the
+discussion in
+<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34643" title="Bugzilla 34643">Bugzilla 34643</a>.
+</p>
+
</section>
</body>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org