tomcat-dev mailing list archives

From "Craig R. McClanahan" <>
Subject Re: HTTP and client certificates
Date Tue, 16 Oct 2001 20:45:33 GMT
Hello Stefan,

The standard practices for contributing patches and suggested changes to
Jakarta projects are outlined on the Jakarta web site, starting at:

Basically, what you should do is create unified diffs of your proposed
changes and post them to the TOMCAT-DEV mailing list.  Then, we will be
able to review the changes and a committer can apply them to the CVS


On Tue, 16 Oct 2001, Stefan Wengi wrote:

> Date: Tue, 16 Oct 2001 11:47:50 -0700
> From: Stefan Wengi <>
> Reply-To:
> To:
> Subject: HTTP and client certificates
> Hi,
> Some people on the user mailing list reported problems getting HTTPS with
> client authentication to work (setting the "clientAuth" property to "true").
> It seems like the Tomcat SSL server factory ignores the CA certificates
> that are stored in the keystore and only sends the Thawte and Verisign
> CA info to the client. If you have certificates signed by another CA it
> won't work because the browser (at least Netscape 4.7x) looks for a user
> certificate signed by a CA known to the server.
> We patched the SSLServerSocketFactory class to retrieve additional CA
> certs via the TrustManagerFactory. The code already had some
> preparations for that although it was disabled.
> How can we get the fix into the Tomcat 4 code?
> cheers
> Stefan
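
The approach described in the quoted message, as an added example that is not the patch from the thread nor Tomcat's own code: a JSSE server context whose trust managers are built from the keystore via TrustManagerFactory, so that the keystore's CA certificates are the ones advertised to clients when client authentication is required. The class name and the keystore path and password arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical demo class; not part of Tomcat.
public class ClientAuthTrustDemo {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java ClientAuthTrustDemo <keystore> <password>");
            return;
        }
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        // The server's own key and certificate chain come from the keystore.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        // Trust anchors for client certificates come from the same keystore,
        // instead of a built-in list of well-known CAs.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // JSSE builds the CA list of its CertificateRequest from getAcceptedIssuers(),
        // so this prints the CAs a browser will be asked to match.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("advertised CA: " + ca.getSubjectX500Principal().getName());
                }
            }
        }
        // Unbound socket: enough to show the setting that "clientAuth" stands for.
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket()) {
            server.setNeedClientAuth(true);
            System.out.println("needClientAuth=" + server.getNeedClientAuth());
        }
    }
}
```

If the CA that signed the user certificates is missing from the printed list, the symptom matches the one reported above: the browser finds no certificate it can offer.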
