tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41337] - Display an error page if no cert is available on CLIENT-CERT login
Date Wed, 10 Jan 2007 09:00:16 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41337>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41337





------- Additional Comments From arminha@student.ethz.ch  2007-01-10 01:00 -------
The bug seems ot be in the JSSE package
I could solve it by changing the method JSSE14Support.handshake() from:

   protected void handShake() throws IOException {
        if( ssl.getWantClientAuth() ) {
            logger.debug("No client cert sent for want");
        } else {
            ssl.setNeedClientAuth(true);
        }
        synchronousHandshake(ssl);
    }

to:

    protected void handShake() throws IOException {
        if( ssl.getNeedClientAuth() ) {
            logger.debug("No client cert sent for want");
        } else {
            ssl.setWantClientAuth(true);
        }
        synchronousHandshake(ssl);
    }

This way in the above scenario wantClientAuth is set to true. So the SSLSocket
would also accept connection without client certificates, but the
SSLAuthenticator will then display an error page.


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message