You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Bryant Panyarachun <bp...@gmail.com> on 2011/10/14 19:47:03 UTC
Cannot retrieve client cert when requesting javax.net.ssl.peer_certificates
Hi all,
I am upgrading from Tomcat 6.0.18 to 7.0.21 (32-bit Win zip).
Previously, when requesting a client certificate I would use:
X509Certificate[] certs =
(X509Certificate[])req.getAttribute("javax.net.ssl.peer_certificates");
However, after upgrading to 7.0.21 this no longer works. Instead it returns
null.
However, I can retrieve the client certificate when I use:
X509Certificate[] certs =
(X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");
I'm curious as to why the javax.net.ssl.peer_certificates parameter no
longer works in this case. Is it an issue cause by a Tomcat regression
change?
Re: Cannot retrieve client cert when requesting javax.net.ssl.peer_certificates
Posted by Bryant Panyarachun <bp...@gmail.com>.
Right, I have only been able to find a reference to it in the 2.1 servlet
specification as well.
On Fri, Oct 14, 2011 at 12:27 PM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:
> > From: Mark Thomas [mailto:markt@apache.org]
> > Subject: Re: Cannot retrieve client cert when requesting
> javax.net.ssl.peer_certificates
>
> > I don't see that parameter anywhere in the servlet specification.
>
> It was in the 2.1 spec for ServletRequest, but seems to have disappeared
> somewhere along the way.
>
>
> http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletRequest.html#getAttribute%28javax.servlet.String%29
>
> It's still mentioned in some docs for other app servers.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Bryant Panyarachun
bpanyarachun@gmail.com
(661)644-5174
RE: Cannot retrieve client cert when requesting
javax.net.ssl.peer_certificates
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Mark Thomas [mailto:markt@apache.org]
> Subject: Re: Cannot retrieve client cert when requesting javax.net.ssl.peer_certificates
> I don't see that parameter anywhere in the servlet specification.
It was in the 2.1 spec for ServletRequest, but seems to have disappeared somewhere along the way.
http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletRequest.html#getAttribute%28javax.servlet.String%29
It's still mentioned in some docs for other app servers.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Cannot retrieve client cert when requesting javax.net.ssl.peer_certificates
Posted by Mark Thomas <ma...@apache.org>.
On 14/10/2011 18:47, Bryant Panyarachun wrote:
> Hi all,
>
> I am upgrading from Tomcat 6.0.18 to 7.0.21 (32-bit Win zip).
>
> Previously, when requesting a client certificate I would use:
>
> X509Certificate[] certs =
> (X509Certificate[])req.getAttribute("javax.net.ssl.peer_certificates");
>
> However, after upgrading to 7.0.21 this no longer works. Instead it returns
> null.
>
> However, I can retrieve the client certificate when I use:
>
> X509Certificate[] certs =
> (X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");
>
> I'm curious as to why the javax.net.ssl.peer_certificates parameter no
> longer works in this case. Is it an issue cause by a Tomcat regression
> change?
I don't see that parameter anywhere in the servlet specification.
Neither do I see it in the Tomcat code base.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org