tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: cvs commit: jakarta-tomcat-connectors/jk/java/org/apache/jk/server JkCoyoteHandler.java
Date Sat, 23 Nov 2002 08:17:20 GMT

----- Original Message -----
From: "Bill Barker" <wbarker@wilshire.com>
To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Sent: Friday, November 22, 2002 11:34 PM
Subject: Re: cvs commit:
jakarta-tomcat-connectors/jk/java/org/apache/jk/server JkCoyoteHandler.java


>
> ----- Original Message -----
> From: <hgomez@apache.org>
> To: <jakarta-tomcat-connectors-cvs@apache.org>
> Sent: Friday, November 22, 2002 10:34 PM
> Subject: cvs commit:
jakarta-tomcat-connectors/jk/java/org/apache/jk/server
> JkCoyoteHandler.java
>
>
> > hgomez      2002/11/22 22:34:48
> >
> >   Modified:    jk/java/org/apache/jk/common HandlerRequest.java
> >                jk/java/org/apache/jk/server JkCoyoteHandler.java
> >   Log:
> >   Fix null getRemoteHost.
> >   Lasy extraction of ssl certs to speed up jk/ajp13 when under SSL
> >
> >   Revision  Changes    Path
> >   1.18      +6 -24
> jakarta-tomcat-connectors/jk/java/org/apache/jk/common/HandlerRequest.java
> >
> >   Index: HandlerRequest.java
> >   >   + // SSL certificate extraction is costy, moved to JkCoyoteHandler
> >   +                req.setAttribute(SSLSupport.CERTIFICATE_KEY,
> certString);
> >                    break;
>
> As much as I very much like the switch to constants, this is still wrong.
> As far back as the Servlet 2.2 spec (aka Tomat 3.3) this is required to be
a
> java.security.cert.X509Certificate [].  I'll have to -1 this section of
the
> patch because of this, but the rest looks really good!
>

Urm, it's actually worse than that.  The 2.2 spec requires a single
java.security.cert.X509Certificate, the 2.3 & 2.4 specs (more intelligently)
require the entire chain via java.security.cert.X509Certificate [].  Don't
you just love the JCP? ;-)

>
> --
> To unsubscribe, e-mail:
<mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:tomcat-dev-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message