tomcat-dev mailing list archives

From jean-frederic clere <jfrederic.cl...@fujitsu-siemens.com>
Subject Re: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet
Date Wed, 06 Oct 2004 14:54:15 GMT
Jesús Luna wrote:
> Hi everybody,
> Currently I'm developing a servlet that validates with our OCSP service a
> user certificate received from Apache v1.3.29 (with mod_ssl v2.8.16 and
> ajp13 workers), but the problem is that I need to extract some data about
> the correspondent client certificate chain to build the OCSP request and
> I've not been able to obtain this from Tomcat v4.1.30 (with mod_jk v1.2) all
> under Linux. I'm pretty sure that it's not a configuration problem because
> my servlet is already retrieving additional information from mod_jk (i.e.
> the client certificate, cipher, protocol and other SSL_ environment
> variables from Apache/mod_ssl).

What do you have in httpd.conf?

> 
> Anyway, in mod_jk I've tried the following directives:
> JkEnvVar SSL_CLIENT_CERT_CHAIN_0 SSL_CLIENT_CERT_CHAIN_0
> JkEnvVar SSL_CLIENT_CERT_CHAIN_1 SSL_CLIENT_CERT_CHAIN_1
> .
> .
> etc
> 
> And then from my Java servlet:
> String chain0 = (String) request.getAttribute("SSL_CLIENT_CERT_CHAIN_0");
> // Also tried it like an X509Certificate object
> // Variable chain0 appears equal to the string "SSL_CLIENT_CERT_CHAIN_0"
> 
> X509Certificate[] cert =
>     (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
> // Only getting one certificate in the array, the correspondent to the SSL client
> // No certificates from the chain
> 
> Finally, I've been browsing through some emails on this list that talk about
> performance issues with the cert chain extraction so I don't know if this
> feature may be unavailable or something like this.
> 
> Thank you in advance for your help, best regards
> 
> _______________________
> Jesus Luna Garcia
> CertiVeR (U.E. Funded Project)
> j.luna@certiver.com
> http://www.certiver.com
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
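
An added example, not part of either message and not Tomcat or mod_jk code: a helper that collects the SSL_CLIENT_CERT_CHAIN_n request attributes and parses them as PEM, rejecting a value that is only the variable's own name, as reported in the thread. It assumes mod_ssl exports these variables as PEM under `SSLOptions +ExportCertData` and that the second argument of `JkEnvVar` is a default sent when Apache has no such variable; `ChainAttributes`, `readChain` and the `attr` lookup are hypothetical names.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

public class ChainAttributes {
    static final String PREFIX = "SSL_CLIENT_CERT_CHAIN_";

    // attr stands in for request::getAttribute so the class runs without a servlet container.
    static List<X509Certificate> readChain(Function<String, Object> attr, int maxDepth)
            throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 0; i < maxDepth; i++) {
            String name = PREFIX + i;
            Object value = attr.apply(name);
            if (value == null) break;              // nothing forwarded for this depth
            String pem = value.toString().trim();
            if (pem.equals(name) || !pem.startsWith("-----BEGIN CERTIFICATE-----")) {
                // Assumed cause: Apache had no such variable and the JkEnvVar default was sent.
                throw new CertificateException(name + " is not PEM (got \"" + pem + "\")");
            }
            chain.add((X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII))));
        }
        return chain;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input reproducing the value reported in the thread.
        Map<String, Object> attrs = new HashMap<>();
        attrs.put(PREFIX + "0", PREFIX + "0");
        try {
            readChain(attrs::get, 10);
        } catch (CertificateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // A request with no chain attributes yields an empty list rather than an error.
        System.out.println("empty request: " + readChain(new HashMap<String, Object>()::get, 10).size());
    }
}
```

In a servlet, pass `request::getAttribute` as the lookup; failing closed on a non-PEM value keeps a placeholder string from reaching the OCSP request builder.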

