tomcat-dev mailing list archives

From Andy Armstrong <a...@tagish.com>
Subject Re: SSL - NES / DOMINO
Date Thu, 07 Jun 2001 23:05:32 GMT
Hi Henri,

GOMEZ Henri wrote:
> 
> Hi,
> 
> I took a look at NES and the SSL vars are not handled
> by this connector.
> 
> Same for DOMINO where some vars are grabbed but not used.
> 
> Who knows how to get the SSL vars (the following come from apache+mod_ssl) :
> 
> SSL_CLIENT_CERT         => The client certificate (if user auth used)
> SSL_CIPHER              => cipher used (ie RC4-MD5)
> SSL_SESSION_ID          => SSL session ID, a big number unique big SSL SESSION
> SSL_CIPHER_USEKEYSIZE   => #bits used in clt<->srv exchange ie: 128

There's a bug in the current release of the Domino connector that means
that it doesn't properly recognise SSL requests, which means it doesn't
set is_ssl in the jk_ws_service structure. I've fixed this now, but I don't
seem to be able to recover values for ssl_cert, ssl_cipher or
ssl_session from Domino. I also find that if these fields are set as
follows

  s->is_ssl       = 1;    /* i.e. it is an SSL request... */
  s->ssl_cert_len = 128;
  s->ssl_cert     = NULL; /* ...but we don't have these values */
  s->ssl_cipher   = NULL;
  s->ssl_session  = NULL;

I'm getting a null pointer exception in Ajp13ConnectorRequest.java at
this code:
         case SC_A_SSL_CERT     :
             isSSL = true;
  --->       attributes.put("javax.servlet.request.X509Certificate",
                            msg.getString());
             break;

It seems that msg.getString() is probably returning a null. This may be
because I'm working with Tomcat 3.2.1 tonight, so I'm just grabbing a
copy of 3.3 to see if that problem has been fixed.

Once I've solved this little problem I'll make a new release which
understands SSL.

> Here is what I got in TC 3.3-M3 (using initial AJP14), with attached
> snoop.jsp against Apache 1.3.20/mod_ssl 2.8.4
> 
> Request Information
> 
> JSP Request Method: GET
> Request URI: /examples/jsp/snp/snoop.jsp
> Request Protocol: HTTP/1.0
> Servlet path: /jsp/snp/snoop.jsp
> Path info: null
> Path translated: null
> Query string: null
> Content length: -1
> Content type: null
> Server name: localhost
> Server port: 443
> Remote user: null
> Remote address: 127.0.0.1
> Remote host: localhost
> Authorization scheme: null
> 
> SSL Client Certificate: null
> SSL Cypher Suite: RC4-MD5
> SSL Session Id:
> 9A9F153F57A505AA3FAB648223929413BC035ACE89FF2735138456F7B38B2CAB
> SSL Key Size: 128
> 
> The browser you are using is Mozilla/4.77 [en] (X11; U; Linux 2.4.2-2 i686)
> 
> -
> Henri Gomez                 ___[_]____
> EMAIL : hgomez@slib.fr        (. .)
> PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
> 
>   ------------------------------------------------------------------------
>                 Name: snoop.jsp
>    snoop.jsp    Type: unspecified type (application/octet-stream)
>             Encoding: quoted-printable

-- 
Andy Armstrong, Tagish
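
Added example, not part of the original message and not the connector's own code: one way the sending side could serialize the optional SSL attributes so that a NULL ssl_cert paired with a non-zero ssl_cert_len (the case shown in the message) is omitted instead of forwarded. The attribute codes and the length-prefixed string layout follow the published AJP13 description; `struct ssl_fields`, `put_attr` and `encode_ssl_attrs` are hypothetical names.

```c
#include <string.h>

/* AJP13 optional-attribute codes. */
#define SC_A_SSL_CERT    0x07
#define SC_A_SSL_CIPHER  0x08
#define SC_A_SSL_SESSION 0x09
#define SC_A_ARE_DONE    0xFF

/* Hypothetical stand-in holding only the fields named in the message. */
struct ssl_fields {
    int is_ssl;
    const char *ssl_cert;
    unsigned ssl_cert_len;
    const char *ssl_cipher, *ssl_session;
};

/* Append code, 2-byte big-endian length, bytes, NUL. Returns new offset, 0 if no room. */
static size_t put_attr(unsigned char *buf, size_t off, size_t cap,
                       unsigned char code, const char *val, size_t len)
{
    if (len > 0xFFFE || cap < off || cap - off < len + 4) return 0;
    buf[off++] = code;
    buf[off++] = (unsigned char)(len >> 8);
    buf[off++] = (unsigned char)(len & 0xFF);
    memcpy(buf + off, val, len);
    off += len;
    buf[off++] = 0;
    return off;
}

/* Serialize only the SSL attributes that have a value; returns bytes written, 0 on overflow. */
size_t encode_ssl_attrs(const struct ssl_fields *s, unsigned char *buf, size_t cap)
{
    size_t off = 0;
    if (s->is_ssl) {
        const struct { unsigned char code; const char *val; size_t len; } a[] = {
            { SC_A_SSL_CERT,    s->ssl_cert,    s->ssl_cert    ? s->ssl_cert_len : 0 },
            { SC_A_SSL_CIPHER,  s->ssl_cipher,  s->ssl_cipher  ? strlen(s->ssl_cipher) : 0 },
            { SC_A_SSL_SESSION, s->ssl_session, s->ssl_session ? strlen(s->ssl_session) : 0 },
        };
        for (size_t i = 0; i < sizeof a / sizeof a[0]; i++) {
            if (a[i].val == NULL || a[i].len == 0) continue; /* absent: omit, never trust the length alone */
            off = put_attr(buf, off, cap, a[i].code, a[i].val, a[i].len);
            if (off == 0) return 0;
        }
    }
    if (off >= cap) return 0;
    buf[off++] = SC_A_ARE_DONE; /* terminator for the attribute list */
    return off;
}
```

The receiving side can apply the same rule in reverse by storing a request attribute only when the decoded string is non-null.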
