Posted to users@tomcat.apache.org by Francisco Queiros Pinto <fr...@computing-services.oxford.ac.uk> on 2002/09/27 18:08:45 UTC
Upgrade to Tomcat 4.1.12 - WARNING: Exception getting SSL attributes
Hi,
I've just upgraded Tomcat 4.1.10 to 4.1.12.
When trying a secure connection, the browser asks me to
accept the server certificate and seems to achieve it.
However, contrary to the previous version, now the server
generates the following error:
---- (catalina.out) ----
WARNING: Exception getting SSL attributes
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
    at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
...
----
To see if there was anything wrong with the old certificate
I've created a new certificate with:
keytool -genkey -alias tomcat -keyalg RSA
and started tomcat again. However, as previously, the browser
still seems to open a secure connection with the server, but
the server error still persists.
Is this a bug or a feature related to a security vulnerability
in the previous version?
Anyone had similar problems?
Regards,
--
Francisco
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Upgrade to Tomcat 4.1.12 - WARNING: Exception getting SSL attributes
Posted by Remy Maucherat <re...@apache.org>.
Francisco Queiros Pinto wrote:
> Hi,
>
> I've just upgraded Tomcat 4.1.10 to 4.1.12.
> When trying a secure connection, the browser asks me to
> accept the server certificate and seems to achieve it.
> However, contrary to the previous version, now the server
> generates the following error:
>
> ---- (catalina.out) ----
> WARNING: Exception getting SSL attributes
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>     at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
>     at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
> ...
> ----
>
> To see if there was anything wrong with the old certificate
> I've created a new certificate with:
>
> keytool -genkey -alias tomcat -keyalg RSA
>
> and started tomcat again. However, as previously, the browser
> still seems to open a secure connection with the server, but
> the server error still persists.
>
> Is this a bug or a feature related to a security vulnerability
> in the previous version?
No, it's a warning that gets printed out although it shouldn't
(basically, the connector tries to get the client certificate although
client cert is not used). It has little ill effect except a performance
decrease because the traces are printed out.
It is already fixed in CVS, and will be fixed in the next release.
Remy