tomcat-dev mailing list archives

From Bob Herrmann <...@jadn.com>
Subject SSL Client-Auth
Date Thu, 03 Oct 2002 21:27:17 GMT

Hi.  I have been looking into a problem with Tomcat5, ClientAuth=false,
and JSSE in JDK1.4 and it seems like the JSSE has a problem.

Namely if you build an SSL socket, then later decide you need to
exchange certs with the client (i.e. CLIENT-CERT), then the

	SSLSocket.startHandshake()

method is called.  Unfortunately this method is asynchronous, and waits
for a read() or write() to occur before it does its work.  TC5
processes requests kinda like this; a Request comes in, TC5 checks to
see if the Resource is protected, then a negotiation may start.  However
JSSE won't initiate a cert exchange unless a Read() or a Write() happens
on the socket, but TC5 doesn't have anything it wants to write or read
when the 'startHandshake()' is called.... 

I have been playing around with using a sendRedirect() back to the same
page, but boy does that seem messy.

Any ideas?
-bob

P.S. I tweaked the JSSE sample programs to demonstrate the problem
outside of Tomcat.  If anyone wants a copy - just ask.




