You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Larry Isaacs <La...@sas.com> on 2001/09/19 14:15:55 UTC

Status of Cert handling in Tomcat 3.3

Hi,

With the latest source and the attached patch from Nacho,
isapi_redirect.dll is able to pass the certificate to
Tomcat.  However, when I try it out on Win2k and IIS5.0
I get the following exception displayed:

Ajp13: Certificate convertion failed
java.security.cert.CertificateException: Unable to initialize,
java.io.IOException: DerInputStream.getLength(): lengthTag=76, too big.

This comes from the:

    X509Certificate cert = (X509Certificate)
            cf.generateCertificate(bais);

call now found in o.a.t.util.compat.Jdk12Support.getX509Certificates().

I haven't tried this with Apache and mod_jk.  Is that combination
working for others?

Any clues or suggestions how to pursue this problem would
be appreciated.

Cheers,
Larry Isaacs

Re: Status of Cert handling in Tomcat 3.3

Posted by jean-frederic clere <jf...@fujitsu-siemens.com>.

Larry Isaacs wrote:
> 
> Hi,
> 
> With the latest source and the attached patch from Nacho,
> isapi_redirect.dll is able to pass the certificate to
> Tomcat.  However, when I try it out on Win2k and IIS5.0
> I get the following exception displayed:
> 
> Ajp13: Certificate convertion failed
> java.security.cert.CertificateException: Unable to initialize,
> java.io.IOException: DerInputStream.getLength(): lengthTag=76, too big.
> 
> This comes from the:
> 
>     X509Certificate cert = (X509Certificate)
>             cf.generateCertificate(bais);
> 
> call now found in o.a.t.util.compat.Jdk12Support.getX509Certificates().
> 
> I haven't tried this with Apache and mod_jk.  Is that combination
> working for others?
> 
> Any clues or suggestions how to pursue this problem would
> be appreciated.

Could you print the certificate before the
memcpy(huge_buf,s->ssl_cert,cc.CertContext.cbCertEncoded);?
- That is just  to have a hint of what is inside -

> Cheers,
> Larry Isaacs
> 
>   --------------------------------------------------------------------------------
> 
>    jk_isapi_plugin.c.diffName: jk_isapi_plugin.c.diff
>                          Type: diff files (text/plain)
> 
>                         Name: isapi_results.txt
>    isapi_results.txt    Type: diff files (text/plain)
>                     Encoding: quoted-printable