tomcat-dev mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: SSL client auth support in TC 3.x and 4.x
Date Mon, 09 Sep 2002 05:48:30 GMT
TC 3.3.1 at the moment doesn't include a "CertificateRealm" (but
contributions are welcome :).  The certificate chain is made available to a
custom Realm, or servlet that wants this information.  However, Tomcat 3.3.1
doesn't use this information itself.

----- Original Message -----
From: "Christopher Todd" <chris@christophertodd.com>
To: <tomcat-dev@jakarta.apache.org>
Sent: Sunday, September 08, 2002 4:52 PM
Subject: SSL client auth support in TC 3.x and 4.x


> Is SSL client auth supported in versions of Tomcat prior to 4.x?  In looking
> over the source code, I can see that in TC 4.1.10,
> Realm.authenticate(X509Certificate[] certs) authenticates a user based on
> the certificate chain that is presented.  But in looking through the source
> for TC 3.3.1, I cannot find any calls to
> java(x).security.cert.X509Certificate.validate() or verify().
>
> Nonetheless, I can see classes like JSSESupport and PureTLSSupport that
> obtain the chain of certificates via
> javax.net.ssl.SSLSession.getPeerCertificateChain(), but for the life of me,
> I cannot find any classes that are actually using the array of certs that is
> returned.  I have looked at the Realm class and its subclasses, and I have
> seen some things in the Http10Interceptor related to setting up the SSL
> socket, but it doesn't look to me like TC 3.3.1 supports client auth.
>
> Did I just miss it?  If SSL client auth is supported in TC 3.x, could
> someone please point me to the class and method responsible for verifying
> and validating a client's identity using the certificate chain?
>
> Thanks in advance,
> Chris


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
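
As an added example (not code from Tomcat or from either poster): one way a custom Realm or servlet that is handed the chain could validate it and derive a user name, using the JDK's PKIX validator. The class name, the trust-store file and the command-line arguments are assumptions, and revocation checking is switched off.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper; not a Tomcat class. */
public class CertChainCheck {

    /** Returns the leaf subject DN if the chain validates to an anchor in trustStore; throws otherwise. */
    static String authenticate(X509Certificate[] certs, KeyStore trustStore) throws Exception {
        if (certs == null || certs.length == 0) {
            throw new CertificateException("no client certificate presented");
        }
        // The TLS layer returns the chain leaf first. Drop a trailing self-issued
        // root: the anchor must come from our own trust store, not from the peer.
        List<X509Certificate> path = new ArrayList<>(Arrays.asList(certs));
        X509Certificate last = path.get(path.size() - 1);
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(trustStore);
        // Assumption: no CRL/OCSP source is configured here, so revocation is not checked.
        params.setRevocationEnabled(false);
        // Checks signatures, issuer/subject chaining, validity dates and CA constraints.
        CertPathValidator.getInstance("PKIX").validate(certPath, params);
        return certs[0].getSubjectX500Principal().getName();
    }

    /** Usage: java CertChainCheck chain.pem truststore.p12 password */
    public static void main(String[] args) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(new File(args[1]), args[2].toCharArray());
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            // Reads every PEM certificate in the file, in file order (leaf first).
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        System.out.println(authenticate(chain.toArray(new X509Certificate[0]), trustStore));
    }
}
```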

