tomcat-dev mailing list archives

From Alain Baucant <a.bauc...@aubay.lu>
Subject Re: SSL connector to check Certificate Revocation List
Date Fri, 16 Jan 2004 10:28:06 GMT
Bill Barker wrote:

> ----- Original Message ----- 
> From: "Alain Baucant" <a.baucant@aubay.lu>
> To: <tomcat-dev@jakarta.apache.org>
> Sent: Friday, January 16, 2004 12:13 AM
> Subject: SSL connector to check Certificate Revocation List
> 
> 
> 
>>Is it possible to define a CRL to be checked by tomcat when using SSL ?
>>
> 
> 
> Sounds like a good thing to add :).
> 
> 
>>If yes, with which tomcat version ?
>>
>>If no, is it planned ?
> 
> 
> Well, this is an O/S project :).  If you're willing to provide a patch,
> probably soon.  If you are waiting for me to provide a patch, probably
> whenever-I-have-time :).

I see two problems:

- if the CRL check (for SSL client auth) is done at the connector level 
(I'm not sure it will be the right patch) and not at the application 
level, I won't be able to catch a CRL check failure and redirect to a 
specific page.
It's a problem I already encountered: if the https connection can't be 
established (because no client cert or ...), tomcat seems not to see the 
connection. So it doesn't redirect to an error page. And the application 
is not aware a connection has failed.
But I'd like to redirect as many https connection failures as possible to a 
specific page.

What do you think about it?

- to do it properly, I'll need some help: where to patch the code, ... 
and I'm still not sure I'd do it right enough. But I could try (and try 
to find enough time, of course). I'll tell you.


Alain.

> 
> 
>>I apologize for disturbing developers with this question but I didn't
>>receive any answer on tomcat-user.
>>
>>Thanks for your help,
>>Alain.
>>
>>
>>PS: Where can I find a full description of configuration attributes of
>>the coyote connector ?
>>




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
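
The application-level alternative raised in the message above, sketched as a servlet filter. This is an added example, not code from the thread or from Tomcat; the init-param names `crlFile` and `issuerCert` and the page `/cert-revoked.html` are assumptions. It only sees requests whose TLS handshake already succeeded, so the connector must have accepted the client certificate.

```java
import java.io.*;
import java.security.cert.*;
import java.util.Date;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: checks the TLS client certificate against one CRL in the webapp.
// Assumed names: init-params "crlFile" and "issuerCert", page "/cert-revoked.html".
public class CrlCheckFilter implements Filter {
    private static final String ERROR_PAGE = "/cert-revoked.html";
    private X509CRL crl;

    public void init(FilterConfig cfg) throws ServletException {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate issuer;
            try (InputStream in = new FileInputStream(cfg.getInitParameter("issuerCert"))) {
                issuer = (X509Certificate) cf.generateCertificate(in);
            }
            try (InputStream in = new FileInputStream(cfg.getInitParameter("crlFile"))) {
                crl = (X509CRL) cf.generateCRL(in);
            }
            crl.verify(issuer.getPublicKey()); // refuse a CRL the CA did not sign
        } catch (Exception e) {
            throw new ServletException("cannot load CRL", e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest) req;
        X509Certificate[] certs = (X509Certificate[])
                r.getAttribute("javax.servlet.request.X509Certificate");
        Date next = crl.getNextUpdate();
        // Fail closed: no client certificate, an expired CRL, a certificate from
        // an issuer this CRL does not cover, or a revoked serial number.
        boolean ok = certs != null && certs.length > 0
                && (next == null || next.after(new Date()))
                && certs[0].getIssuerX500Principal().equals(crl.getIssuerX500Principal())
                && !crl.isRevoked(certs[0]);
        if (ok || r.getRequestURI().endsWith(ERROR_PAGE)) { // avoid a redirect loop
            chain.doFilter(req, res);
        } else {
            ((HttpServletResponse) res).sendRedirect(r.getContextPath() + ERROR_PAGE);
        }
    }

    public void destroy() {}
}
```

The CRL is read once at startup and only the leaf certificate is checked, so a deployment would also need to reload the file before `nextUpdate` passes and cover intermediate CAs.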

