You are viewing a plain text version of this content. The canonical link for it is here.

Posted to general@jakarta.apache.org by Harish Prabandham <Ha...@eng.sun.com> on 1999/11/03 17:27:36 UTC

Re: Jakarta and SSL client certificates

Hi,


David Brownell wrote:

> Paul Frieden wrote:
> >
> >         The 2.2pr2
> > spec specifies that a servlet should be able to get a client certificate
> > by calling getAttribute("javax.servlet.request.X509Certificate") on the
> > ServletRequest and retrieve a java.security.cert.X509Certificate.
>
> By the way, why is it that it returns only one certificate, rather
> than the entire certificate chain known to the server?

Yes. It should probably return a certificate chain rather than
a single certificate.


>
>
> Original versions of the servlet API returned the whole array of
> certificates ... since some applications care about the whole
> certification path, and need X.509 attributes from CA certs to
> make certain security policy decisions.
>
> - Dave
>
> >         Unfortunately, the ajp protocols
> > seem to pass only specific variables which don't include any of the SSL
> > variables.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org