tomcat-dev mailing list archives

From Jesús Luna <j.l...@certiver.com>
Subject Problems with SSL_CLIENT_CERT_CHAIN_n from servlet
Date Wed, 06 Oct 2004 09:41:16 GMT
Hi everybody,
Currently I'm developing a servlet that validates with our OCSP service a
user certificate received from Apache v1.3.29 (with mod_ssl v2.8.16 and
ajp13 workers), but the problem is that I need to extract some data about
the correspondent client certificate chain to build the OCSP request and
I've not been able to obtain this from Tomcat v4.1.30 (with mod_jk v1.2) all
under Linux. I'm pretty sure that it's not a configuration problem because
my servlet is already retrieving additional information from mod_jk (i.e.
the client certificate, cipher, protocol and other SSL_ environment
variables from Apache/mod_ssl).

Anyway, in mod_jk I've tried the following directives:
JkEnvVar SSL_CLIENT_CERT_CHAIN_0 SSL_CLIENT_CERT_CHAIN_0
JkEnvVar SSL_CLIENT_CERT_CHAIN_1 SSL_CLIENT_CERT_CHAIN_1
.
.
etc

And then from my Java servlet:
String chain0 = (String) request.getAttribute("SSL_CLIENT_CERT_CHAIN_0");
// Also tried it like an X509Certificate object
// Variable chain0 appears equal to the string "SSL_CLIENT_CERT_CHAIN_0"

X509Certificate[] cert =
    (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
// Only getting one certificate in the array, the correspondent to the SSL client
// No certificates from the chain

Finally, I've been browsing through some emails on this list that talk about
performance issues with the cert chain extraction so I don't know if this
feature may be unavailable or something like this.

Thank you in advance for your help, best regards

_______________________
Jesus Luna Garcia
CertiVeR (U.E. Funded Project)
j.luna@certiver.com
http://www.certiver.com
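
An added example, not part of the original message and not Tomcat or mod_jk code: a servlet-side helper that reads the SSL_CLIENT_CERT_CHAIN_n attributes named above and accepts only values that are actual PEM certificates. It relies on the second argument of JkEnvVar being the default value forwarded when Apache has not set the variable, so a value that is just the variable name is treated as "not exported". The class name ForwardedChain and the method read are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.servlet.http.HttpServletRequest;

// Hypothetical helper (added example); attribute names are the ones used in the message.
public final class ForwardedChain {
    private static final String PREFIX = "SSL_CLIENT_CERT_CHAIN_";
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_FOOTER = "-----END CERTIFICATE-----";

    private ForwardedChain() {}

    /** Returns the forwarded chain certificates in index order; empty if none were exported. */
    public static List<X509Certificate> read(HttpServletRequest request)
            throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 0; ; i++) {
            Object value = request.getAttribute(PREFIX + i);
            if (!(value instanceof String)) {
                break; // attribute not forwarded: end of chain
            }
            String pem = ((String) value).trim();
            int end = pem.indexOf(PEM_FOOTER);
            // A JkEnvVar default (e.g. the variable name itself) is not PEM:
            // treat it as "Apache did not set this variable" and stop.
            if (!pem.startsWith(PEM_HEADER) || end < 0) {
                break;
            }
            try {
                // The MIME decoder ignores line breaks and spaces inside the Base64 body.
                byte[] der = Base64.getMimeDecoder()
                        .decode(pem.substring(PEM_HEADER.length(), end));
                chain.add((X509Certificate) factory.generateCertificate(
                        new ByteArrayInputStream(der)));
            } catch (IllegalArgumentException e) {
                throw new CertificateException("Malformed Base64 in " + PREFIX + i, e);
            }
        }
        return chain;
    }
}
```

A caller building an OCSP request from this list should reject the request when the list is empty instead of skipping the revocation check.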

