tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46498] New: Client certificate is not requested when clientAuth is false and resource is protected by security constraint
Date Thu, 08 Jan 2009 23:32:40 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46498

           Summary: Client certificate is not requested when clientAuth is
                    false and resource is protected by security constraint
           Product: Tomcat 6
           Version: unspecified
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: pedro.ortigao@novabase.pt


Tomcat configuration manual states that clientAuth can be false and that 
"A false value (which is the default) will not require a certificate chain
unless the client requests a resource protected by a security constraint that
uses CLIENT-CERT authentication. See the SSL HowTo for an example."

Note: The SSL Howto doesn't have a "false" option described for clientAuth.

Anyway, Tomcat doesn't request a client certificate when clienAuth is false and
the resource is protect by a security constraint like this:
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Certificados</web-resource-name>
      <url-pattern>/Certificados/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>

TIA,
Pedro


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message