tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 15268] New: - SSLPeerUnverifiedException on every request when using SSL Coyote HTTP/1.1 Connector
Date Wed, 11 Dec 2002 13:22:35 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15268>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15268

SSLPeerUnverifiedException on every request when using SSL Coyote HTTP/1.1 Connector

           Summary: SSLPeerUnverifiedException on every request when using
                    SSL Coyote HTTP/1.1 Connector
           Product: Tomcat 4
           Version: 4.1.12
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Connector:Coyote HTTP/1.1
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: boris@folgmann.de


I've installed a SSL Coyote HTTP/1.1 Connector using the information provided in
server.xml. (Please add to your description that /var/tomcat4/.keystore has to
be in the right directory and IMHO should not be world-readable)
Here's the definition:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="10" debug="0" scheme="https" secure="true"
               useURIValidationHack="false">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS" />
    </Connector>

Now I can access my tomcat server using https on port 8443. It works and can be
used, but every time a page is requested the following message is written to
/var/log/tomcat4/catalina.out:

08.12.2002 12:47:56 org.apache.coyote.http11.Http11Processor action
WARNUNG: Exception getting SSL attributes
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
        at
org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
        at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:543)
        at org.apache.coyote.Response.action(Response.java:216)
        at
org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:314)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
        at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
        at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
        at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
        at java.lang.Thread.run(Thread.java:536)

Since clientAuth is set to false in server.xml (see above) I assume there
shouldn't be a message like this.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message