DO NOT REPLY [Bug 37869] - Cannot obtain client certificate with SSL / client certificate authentication using APR components

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37869>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37869





------- Additional Comments From grgr@winuel.com.pl  2006-11-28 07:35 -------

I have the same problem (Tomcat 6.0.2, Tomcat-Native 1.1.7-win32, Windows XPSP2,
OpenSSL 0.9.8d, APR from Apache-2.2.3).

1) when I HTTP-GET some sample servlet from browser (IE, FireFox),
Http11APRProcessor doesn't insert user certificate into request object

2) when I use "openssl s_client", everything's fine

Simple debug reveals one problem - in request from browser, there is no data in:
int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN)

and so there is no cert chain in:
byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);

but there IS client's certificate in (my added sample line):
SSLSocket.getInfoB(socket, org.apache.tomcat.jni.SSL.SSL_INFO_CLIENT_CERT)

and it is the client's certificate.

I think the problem is with not looking for data under key
"org.apache.tomcat.jni.SSL.SSL_INFO_CLIENT_CERT" but only under
"org.apache.tomcat.jni.SSL.SSL_INFO_CLIENT_CERT_CHAIN"...

with regards
Grzegorz Grzybek



-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org