Subject: svn commit: r490037 - in /tomcat/container/tc5.5.x:
catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
webapps/docs/config/http.xml webapps/docs/ssl-howto.xml
Date: Sun, 24 Dec 2006 16:29:28 -0000
To: tomcat-dev@jakarta.apache.org
From: yoavs@apache.org
Message-Id: <20061224162928.834491A981A@eris.apache.org>
Author: yoavs
Date: Sun Dec 24 08:29:27 2006
New Revision: 490037
URL: http://svn.apache.org/viewvc?view=rev&rev=490037
Log:
Bugzilla 34643: better documentation of per-user / per-session clientAuth usage.
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
tomcat/container/tc5.5.x/webapps/docs/config/http.xml
tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/authenticator/SSLAuthenticator.java Sun Dec 24 08:29:27 2006
@@ -38,6 +38,9 @@
* An Authenticator and Valve implementation of authentication
* that utilizes SSL certificates to identify client users.
*
+ * You will likely want to read the SSL HowTo in the Tomcat documentation:
+ * http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
+ *
* @author Craig R. McClanahan
* @version $Revision$ $Date$
*/
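Review bot: The added Javadoc lines hard-code a version-specific URL (tomcat-5.5-doc) as plain text, so it will not render as a link in generated Javadoc and will point at the wrong release if this class comment is carried over to another branch. Consider wrapping it in an anchor tag and saying what the reader should look for there (the clientAuth configuration), since "You will likely want to read" gives no reason.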
Modified: tomcat/container/tc5.5.x/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/config/http.xml?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/config/http.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/config/http.xml Sun Dec 24 08:29:27 2006
@@ -423,7 +423,8 @@
value (which is the default) will not require a certificate chain
unless the client requests a resource protected by a security
constraint that uses CLIENT-CERT
authentication. See the
- SSL HowTo for an example.
+ SSL HowTo for an example. That SSL HowTo
+ also contains tips on using per-user or per-session certificate-based clientAuth.
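Review bot: The added sentence "That SSL HowTo also contains tips on using per-user or per-session certificate-based clientAuth" promises more than the HowTo delivers, because the ssl-howto.xml hunks in this same revision only add a pointer to Bugzilla 34643. Either link the bug directly here or reword to say that the HowTo references the discussion; "That SSL HowTo" could also simply be "It".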
Modified: tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml?view=diff&rev=490037&r1=490036&r2=490037
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/ssl-howto.xml Sun Dec 24 08:29:27 2006
@@ -8,7 +8,7 @@
Christopher Cain
- Yoav Shapira
+ Yoav Shapira
SSL Configuration HOW-TO
@@ -288,7 +288,7 @@
Note: your private key password and keystore password
should be the same. If they differ, you will get an error along the lines
of java.io.IOException: Cannot recover key
, as documented in
-Bugzilla issue 38217,
+Bugzilla 38217,
which contains further references for this issue.
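Review bot: Shortening the link text from "Bugzilla issue 38217" to "Bugzilla 38217" is a style change unrelated to Bugzilla 34643, and the log message does not mention it. It does make the wording consistent with the "Bugzilla 34643" references added further down, so a short mention in the log would be enough.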
@@ -350,6 +350,9 @@
all SSL clients to present a client Certificate in order to use
this socket. Set this value to want
if you want Tomcat
to request a client Certificate, but not fail if one isn't presented.
+ For using clientAuth on a per-user or per-session basis, check out
+ the tips in
+ Bugzilla 34643.
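Review bot: The clientAuth attribute description now sends readers to a bug report for per-user or per-session usage ("check out the tips in Bugzilla 34643") instead of documenting the approach. A bug thread is unreviewed discussion and can go stale, so for an authentication setting the HowTo should summarise the recommended configuration itself and cite the bug as background. The same pointer is added again in the hunk at line 558; one of the two could refer to the other.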
@@ -558,6 +561,13 @@
For additional discussion on this area, please see
Bugzilla.
+
+For tips on using clientAuth on a per-user or per-session basis, and also for
+using clientAuth with self-signed or expired client certificates, please see the
+discussion in
+Bugzilla 34643.
+
+
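Review bot: The added paragraph points readers at "using clientAuth with self-signed or expired client certificates" with no caveat. Accepting expired client certificates weakens the authentication that clientAuth is meant to provide, so the text should say when that is acceptable (for example in a test setup) or drop "expired" from the recommendation.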