tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46950] SSL renegotiation does not occur when resource with CLIENT-CERT auth is requested
Date Wed, 15 Apr 2009 11:03:40 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46950


Andr <andre@cabine.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |




--- Comment #4 from Andr <andre@cabine.org>  2009-04-15 04:03:39 PST ---
What works for you? Did you even read what I said?

How can the browser know if a server trusts a certain certificate or not
without even asking for it?

Let me explain the problem better.

Most of my site runs without client cert checking, so I have
SSLVerifyClient="none" on the connector. But I have one servlet that DOES want
a client certificate and so I configured the security restriction accordingly
in the deployment descriptor. Just that one resource, not the entire site.

It's in these cases that an SSL renegotiation does not occur to ask for the
client certificate. Tomcat only knows that I want a client certificate after
the client sends the HTTP request.

Apache httpd has this feature and someone on the Tomcat users list asked me to
file this as a bug. Maybe it's just a missing feature.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
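
The setup described in comment #4, written out as an added configuration sketch (not taken from the bug report or from the Tomcat project). The port, file paths, URL pattern and role name are placeholders chosen for illustration.

```xml
<!-- conf/server.xml (fragment): APR/native HTTPS connector.
     Port and file paths are placeholders. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           SSLCertificateFile="/path/to/server.crt"
           SSLCertificateKeyFile="/path/to/server.key"
           SSLCACertificateFile="/path/to/client-ca.crt"
           SSLVerifyClient="none" />
<!-- SSLVerifyClient="none": the connector does not request a client
     certificate during the initial handshake, so most of the site is
     served without client certificate checking. -->

<!-- WEB-INF/web.xml (fragment): only one resource asks for a certificate.
     The URL pattern and role name are placeholders. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Certificate-protected servlet</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>certuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- CLIENT-CERT authentication is decided per request, after the HTTP
     request has been read, which is the point at which the comment
     expects a renegotiation to request the client certificate. -->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
  <role-name>certuser</role-name>
</security-role>
```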
