tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: SSL client auth support in TC 3.x and 4.x
Date Mon, 09 Sep 2002 05:48:30 GMT
TC 3.3.1 at the moment doesn't include a "CertificateRealm" (but
contributions are welcome :).  The certificate chain is made available to a
custom Realm, or servlet that wants this information.  However, Tomcat 3.3.1
doesn't use this information itself.

----- Original Message -----
From: "Christopher Todd" <>
To: <>
Sent: Sunday, September 08, 2002 4:52 PM
Subject: SSL client auth support in TC 3.x and 4.x

> Is SSL client auth supported in versions of Tomcat prior to 4.x?  In
> over the source code, I can see that in TC 4.1.10,
> Realm.authenticate(X509Certificate[] certs) authenticates a user based on
> the certiticate chain that is presented.  But in looking through the
> for TC 3.3.1, I cannot find any calls to
> java(x).security.cert.X509Certitificate.validate() or verify().
> Nonetheless, I can see classes like JSSESuport and PureTLSSupport that
> obtain the chain of certificates via
>, but for the life of
> I cannot find any classes that are actually using the array of certs that
> returned.  I have looked at the Realm class and it's subclasses, and I
> seen some things in the Http10Interceptor related to setting up the SSL
> socket, but it doesn't look to me like TC 3.3.1 supports client auth.
> Did I just miss it?  If SSL client auth is supported in TC 3.x, could
> someone please point me to the class and method responsible for verifying
> and validating a clients identity using the certificate chain?
> Thanks in advance,
> Chris
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message