You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Antonio Fiol Bonnín <fi...@terra.es> on 2003/06/14 11:58:11 UTC
Client authentication with X509 certificate (Apache web server+mod_jk+Tomcat
4.1.24) not working
Hello,
I have been struggling with a strange problem:
Using Apache Web server (1.3.23 - 1.3.26, not tested others).
Using mod_jk (EAPI version, recent download).
On a Linux machine.
Using tomcat 4.1.24
Both on solaris and on Linux.
When Apache is configured with
SSLClientVerify optional
or
SSLClientVerify require
Mod_jk is correctly configured (see why I say that later).
Tomcat is configured with an AJP13 context, and responding well.
PROBLEM: Client certificate cannot be obtained from the application.
PROBLEM: In fact, there is an IOException *before* calling the servlet.
PROBLEM: When tomcat is reconstructing the certificate. I get:
Insufficient data ...or...
too big
WORKAROUND: I found that the same configuration on Tomcat 4.1.9 is
working perfectly.
I have been studying the differences between 4.1.9 and 4.1.24 and I have
seen that certificate handling is done in very different places in the
code (it has moved).
Does anybody have an idea of what can have broken this?
I am willing to submit a patch and/or do more investigation, so that
this problem id fixed on 4.1.25 when it comes out.
Yours sincerely,
Antonio Fiol
Re: Client authentication with X509 certificate (Apache web server+mod_jk+Tomcat
4.1.24) not working
Posted by Antonio Fiol Bonnín <fi...@terra.es>.
Hello,
What a relief!!
And I've seen that the patch for this bug is a one-liner... I will try
to backport it to the stock 4.1.24 we were willing to use.
Do you have an idea of the approx. release date for 4.1.25?
Thank you very much for your help.
Antonio Fiol
Bill Barker wrote:
>It's a known problem. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790 for more details. It is fixed in the CVS, and so will work in 4.1.25.
>
>"Antonio Fiol Bonnín" <fi...@terra.es> wrote in message news:3EEAF1B3.8040307@terra.es...
>
>
>>Hello,
>>
>>I have been struggling with a strange problem:
>>
>>Using Apache Web server (1.3.23 - 1.3.26, not tested others).
>>Using mod_jk (EAPI version, recent download).
>>On a Linux machine.
>>
>>Using tomcat 4.1.24
>>Both on solaris and on Linux.
>>
>>When Apache is configured with
>>SSLClientVerify optional
>>or
>>SSLClientVerify require
>>
>>Mod_jk is correctly configured (see why I say that later).
>>
>>Tomcat is configured with an AJP13 context, and responding well.
>>
>>PROBLEM: Client certificate cannot be obtained from the application.
>>PROBLEM: In fact, there is an IOException *before* calling the servlet.
>>PROBLEM: When tomcat is reconstructing the certificate. I get:
>> Insufficient data ...or...
>> too big
>>
>>WORKAROUND: I found that the same configuration on Tomcat 4.1.9 is
>>working perfectly.
>>
>>
>>I have been studying the differences between 4.1.9 and 4.1.24 and I have
>>seen that certificate handling is done in very different places in the
>>code (it has moved).
>>
>>Does anybody have an idea of what can have broken this?
>>
>>I am willing to submit a patch and/or do more investigation, so that
>>this problem id fixed on 4.1.25 when it comes out.
>>
>>Yours sincerely,
>>
>>Antonio Fiol
>>
>>
>
>
>
Re: Client authentication with X509 certificate (Apache web server+mod_jk+Tomcat 4.1.24) not working
Posted by Bill Barker <wb...@wilshire.com>.
It's a known problem. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790 for more details. It is fixed in the CVS, and so will work in 4.1.25.
"Antonio Fiol Bonnín" <fi...@terra.es> wrote in message news:3EEAF1B3.8040307@terra.es...
> Hello,
>
> I have been struggling with a strange problem:
>
> Using Apache Web server (1.3.23 - 1.3.26, not tested others).
> Using mod_jk (EAPI version, recent download).
> On a Linux machine.
>
> Using tomcat 4.1.24
> Both on solaris and on Linux.
>
> When Apache is configured with
> SSLClientVerify optional
> or
> SSLClientVerify require
>
> Mod_jk is correctly configured (see why I say that later).
>
> Tomcat is configured with an AJP13 context, and responding well.
>
> PROBLEM: Client certificate cannot be obtained from the application.
> PROBLEM: In fact, there is an IOException *before* calling the servlet.
> PROBLEM: When tomcat is reconstructing the certificate. I get:
> Insufficient data ...or...
> too big
>
> WORKAROUND: I found that the same configuration on Tomcat 4.1.9 is
> working perfectly.
>
>
> I have been studying the differences between 4.1.9 and 4.1.24 and I have
> seen that certificate handling is done in very different places in the
> code (it has moved).
>
> Does anybody have an idea of what can have broken this?
>
> I am willing to submit a patch and/or do more investigation, so that
> this problem id fixed on 4.1.25 when it comes out.
>
> Yours sincerely,
>
> Antonio Fiol
>