Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/08/01 00:50:02 UTC

DO NOT REPLY [Bug 11352] New: - clientauth="false" equivalent to clientauth="true"

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11352>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

           Summary: clientauth="false" equivalent to clientauth="true"
           Product: Tomcat 3
           Version: 3.3.1 Final
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Auth
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: habecker@zentek.com


Environment:
J2SDK1.4, Red Hat Linux 7.3, using Tomcat as the web server (no other web server
on the machine). Used both Netscape Communicator 4.79 and Mozilla 0.9.9 with
same results.

As per jakarta-tomcat-3.3.1/doc/tomcat-ssl-howto.html, I wrote this entry in
server.xml and then restarted Tomcat:

<Http10Connector  port="8443"
                  secure="true"
                  keystore="/home/davpfg2/jakarta-tomcat-3.3.1/JSSEkeystore"
                  keypass="keypass"
                  clientauth="false"
                  SSLImplementation="org.apache.tomcat.util.net.JSSEImplementation" />

When I opened https://localhost:8443/index.html in my Netscape browser, I
received several certificate dialogs (as expected, and which demonstrate that
Tomcat successfully found the keystore) and then I received an error message
that stated that localhost had requested client authorization but that I did not
have a personal certificate. For what it's worth, Tomcat also complained about
the missing client certificate:

Using classpath: /home/davpfg2/jakarta-tomcat-3.3.1/bin/../lib/tomcat.jar
Using JAVA_HOME: /usr/java/j2sdk1.4.0_01
Using TOMCAT_HOME: /home/davpfg2/jakarta-tomcat-3.3.1
2002-07-30 20:45:29 - SessionIdGenerator: Opening /dev/urandom
2002-07-30 20:45:29 - ServerXmlReader: Config=$TOMCAT_HOME/conf/server.xml
2002-07-30 20:45:29 - PathSetter: home=/home/davpfg2/jakarta-tomcat-3.3.1
2002-07-30 20:45:29 - ContextXmlReader: Context config=$TOMCAT_HOME/conf/apps-127.0.0.1.xml
2002-07-30 20:45:29 - ContextXmlReader: Context config=$TOMCAT_HOME/conf/apps-admin.xml
2002-07-30 20:45:29 - ContextXmlReader: Context config=$TOMCAT_HOME/conf/apps-examples.xml
2002-07-30 20:45:29 - AutoWebApp: Loaded from config: DEFAULT:/admin
2002-07-30 20:45:29 - AutoWebApp: Auto-Adding DEFAULT:/
2002-07-30 20:45:29 - AutoWebApp: Loaded from config: DEFAULT:/examples
2002-07-30 20:45:29 - AutoWebApp: Auto-Adding DEFAULT:/soap
2002-07-30 20:45:29 - ContextManager: Tomcat configured and in stable state 
2002-07-30 20:45:29 - ContextManager: Adding  DEFAULT:/admin
2002-07-30 20:45:29 - ContextManager: Adding  DEFAULT:/examples
2002-07-30 20:45:29 - ContextManager: Adding  DEFAULT:/ROOT
2002-07-30 20:45:29 - ContextManager: Adding  DEFAULT:/soap
EmbededTomcat: Init time 1603
2002-07-30 20:45:30 - Http10Interceptor: Starting on 8080
2002-07-30 20:45:30 - Http10Interceptor: Starting on 8443
2002-07-30 20:45:30 - Ajp12Interceptor: Starting on 8007
2002-07-30 20:45:30 - Ajp13Interceptor: Starting on 8009
EmbededTomcat: Startup time 680
PoolTcpEndpoint: Handshake failed
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: handshake alert:  no_certificate
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
        at java.io.OutputStream.write(OutputStream.java:58)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
        at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFactory.java:270)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:479)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:516)
        at java.lang.Thread.run(Thread.java:536)
ThreadPool: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread@f4f44a, terminating thread
java.lang.NullPointerException
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:498)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:516)
        at java.lang.Thread.run(Thread.java:536)
Stop reaper 
SUPER org.apache.tomcat.util.qlog.LogDaemon@4c4975 Exiting
ContextManager: Exiting 

Workaround:
I double-checked the manual and found that the default is clientauth="false", so
I simply removed the clientauth line from server.xml and restarted Tomcat. When
I tried the URL again, my browser successfully displayed index.html.

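An added example, not part of the original report and not Tomcat code: a Python check that reads a server.xml, classifies the clientauth setting of each SSL connector, and correlates it with the no_certificate handshake alert from the log above. The wrapper elements, the 9443 connector, the shortened keystore path and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: wrapper elements and the 9443 connector are made up;
# the 8443 connector mirrors the report's attributes (keystore path shortened).
SAMPLE_SERVER_XML = """<Server><ContextManager>
  <Http10Connector port="8080" />
  <Http10Connector port="8443" secure="true" keystore="conf/JSSEkeystore"
                   keypass="keypass" clientauth="false" />
  <Http10Connector port="9443" secure="true" keystore="conf/JSSEkeystore"
                   keypass="keypass" />
</ContextManager></Server>"""

# Log lines taken from the report's console output.
SAMPLE_LOG = """PoolTcpEndpoint: Handshake failed
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException:
handshake alert:  no_certificate
java.lang.NullPointerException
"""

def audit_connectors(xml_text):
    """Return (port, state) for every connector with secure="true"."""
    results = []
    for el in ET.fromstring(xml_text).iter():
        if el.get("secure", "").strip().lower() != "true":
            continue
        value = el.get("clientauth")
        if value is None:
            state = "absent"             # default; the reporter's working setup
        elif value.strip().lower() == "true":
            state = "required"           # client certificates intended
        else:
            state = "explicit-non-true"  # report: cert still requested on 3.3.1
        results.append((el.get("port"), state))
    return results

def no_certificate_alerts(log_text):
    """Count handshakes that failed because the client sent no certificate."""
    return len(re.findall(r"handshake alert:\s+no_certificate", log_text))

def suspect_ports(xml_text, log_text):
    """Ports configured for no client auth while the log shows cert demands."""
    if no_certificate_alerts(log_text) == 0:
        return []
    return [p for p, s in audit_connectors(xml_text) if s == "explicit-non-true"]

if __name__ == "__main__":
    print(audit_connectors(SAMPLE_SERVER_XML))
    print(suspect_ports(SAMPLE_SERVER_XML, SAMPLE_LOG))
```

A port listed by suspect_ports matches the reported pattern; the report's workaround for it is to remove the clientauth attribute and restart Tomcat.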