Posted to dev@tomcat.apache.org by bu...@apache.org on 2020/04/15 12:51:28 UTC
[Bug 64353] New: Add support for accessing server certificate from
TLS context
https://bz.apache.org/bugzilla/show_bug.cgi?id=64353
Bug ID: 64353
Summary: Add support for accessing server certificate from TLS
context
Product: Tomcat 10
Version: 10.0.0-M4
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: michaelo@apache.org
Target Milestone: ------
Based on this discussion:
https://www.mail-archive.com/users@tomcat.apache.org/msg134872.html
There should be an option to access the used server certificate from the
current request being served by one TLS context. As easy as:
request.getAttribute("magic_name")
Return would be, similar to client certs, X509Certificate or X509Certificate[].
This requires these changes (non-exhaustive):
* SSLSupport implementations
* Define a new property in SSLSupport and org.apache.catalina.Globals for the
server cert
* org.apache.catalina.util.TLSUtil.isTLSRequestAttribute(String) and its
callers
* org.apache.coyote.AbstractProcessor.populateSslRequestAttributes() to add new
attribute to the request
* SSLValve to read server cert from reverse proxy, CGI var SSL_SERVER_CERT
* AJP and friends to deliver this piece of information
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64353] Add support for accessing server certificate from TLS context
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64353
--- Comment #1 from Bhavesh <mi...@gmail.com> ---
Based on the discussion
(https://www.mail-archive.com/users@tomcat.apache.org/msg142103.html) with
Mark, please add the ability to get the SNI name used by TLS. For each request,
this will give the application the ability to know the SNI hostname that was
used to connect to the server.