tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 37869] New: - Cannot obtain client certificate with SSL / client certificate authentication using APR components
Date Mon, 12 Dec 2005 10:50:00 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37869>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37869

           Summary: Cannot obtain client certificate with SSL / client
                    certificate authentication using APR components
           Product: Tomcat 5
           Version: 5.5.12
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connector:HTTP
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: s.dimichele@auselda.it


I configured tomcat to use SSL client-certificate authentication and i need to
access the client certificate contained in the request. To do this, i use:

Object cert = request.getAttribute("javax.servlet.request.X509Certificate");

If i do not use the APR components, this works correctly.
If i use the APR components, instead, the object returned by the previous
statement is always null.
The authentication itself works correctly (for instance if CA not valid,
certificate expired, etc..) in both cases.

For use the APR components, i just put the binary files downloaded at:

http://tomcat.heanet.ie/native/1.1.1/binaries/win32/

in the bin directory of my tomcat installation, according the guide found on
tomcat site:

http://tomcat.apache.org/tomcat-5.5-doc/apr.html

This is the SSL HTTP connector extract from my server.xml (non APR version):

<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="want" 
sslProtocol="TLS"
truststoreFile="./tomcat5keystore.jks" truststorePass="xxx"
keystoreFile="./tomcat5keystore.jks" keystorePass="xxx"                 
/>


This is the SSL HTTP connector extract from my server.xml (non APR version):

<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="want" 
SSLEngine="on" 
SSLVerifyClient="optional"
SSLCertificateFile="${catalina.base}/cert.crt"
SSLCertificateKeyFile="${catalina.base}/key.pem"
SSLCACertificateFile="${catalina.base}/ca_postecom.crt"
SSLPassword="xxx"
/>

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message