tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: HTTP and client certificates
Date Tue, 16 Oct 2001 20:45:33 GMT
Hello Stefan,

The standard practices for contributing patches and suggested changes to
Jakarta projects are outlined on the Jakarta web site, starting at:

  http://jakarta.apache.org/site/getinvolved.html

Basically, what you should do is create unified diffs of your proposed
changes and post them to the TOMCAT-DEV mailing list.  Then, we will be
able to review the changes and a committer can apply them to the CVS
repository.

Craig


On Tue, 16 Oct 2001, Stefan Wengi wrote:

> Date: Tue, 16 Oct 2001 11:47:50 -0700
> From: Stefan Wengi <stefan.wengi@adnovum.com>
> Reply-To: tomcat-dev@jakarta.apache.org
> To: tomcat-dev@jakarta.apache.org
> Subject: HTTP and client certificates
>
> Hi,
>
> some people on user mailing list reported problems getting HTTPS with
> client
> authentication to work (setting "clientAuth" property to "true").
> It seems like the Tomcat SSL server factory ignores the CA certificates
> that are stored in the keystore and only sends the Thawte and Verisign
> CA info to the client. If you have certificates signed by another CA it
> won't work because the browser (at least Netscape 4.7x) looks for a user
> certificate signed by a CA known to the server.
>
> We patched the SSLServerSocketFactory class to retrieve additional CA
> certs via the TrustManagerFactory. The code already had some
> preparations for that although it was disabled.
>
> how can we get the fix into the Tomcat 4 code?
>
> cheers
>
> Stefan
>


Mime
View raw message