tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48208] allow to configure a custom client certificate Trust Manager in server.xml per connector attribute "trustManagerClassName"
Date Thu, 03 Feb 2011 10:24:53 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48208

--- Comment #8 from Ralf Hauser <hauser@acm.org> 2011-02-03 05:24:46 EST ---
Just another application scenario that mandates a custom TrustManager as
suggested by Mark:

There is a restriction that depending on the time-of-the-day, a different set
of certificates is trusted.

Our original solution approach was then to accept all certificates. Once the
certificate is provided and the full SSL handshake is finished, we can choose
the set of acceptable trusted issuing certificates depending on time-of-day or
other context parameters. Only then do we do the verification and possibly abort
the session.

As I mentioned before, we do understand your reservations on incorporating an
AcceptAllTrustManager patch, however, we would hope that a more generic
solution as the trustManagerClassName suggested by Mark Thomas would be a fair
compromise.
Then, we could move the logic from the application into our custom trust
manager we define in “trustManagerClassName”.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
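
The scenario described in the comment above, as an added example that is not part of the original message or of Tomcat: an X509TrustManager that, instead of accepting every certificate, delegates to one of two standard PKIX trust managers depending on the time of day. The class name, the 08:00 to 18:00 window and the two KeyStore parameters are assumptions made for illustration; how Tomcat would instantiate a class named in trustManagerClassName is not shown on this page.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Clock;
import java.time.LocalTime;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical example class: picks the trusted issuer set by time of day. */
public class TimeOfDayTrustManager implements X509TrustManager {
    private final X509TrustManager dayDelegate, nightDelegate; // one per issuer set
    private final Clock clock; // injectable so the window can be tested

    public TimeOfDayTrustManager(KeyStore day, KeyStore night, Clock clock) throws Exception {
        this.dayDelegate = pkixFor(day);
        this.nightDelegate = pkixFor(night);
        this.clock = clock;
    }

    // Build the JDK's standard PKIX trust manager over one set of issuer certificates.
    private static X509TrustManager pkixFor(KeyStore issuers) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(issuers);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Assumed policy window (constructed for illustration): 08:00 to 18:00 is "day".
    private X509TrustManager current() {
        LocalTime now = LocalTime.now(clock);
        boolean day = !now.isBefore(LocalTime.of(8, 0)) && now.isBefore(LocalTime.of(18, 0));
        return day ? dayDelegate : nightDelegate;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        current().checkClientTrusted(chain, authType); // throws if chain is not trusted now
    }

    @Override
    public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        throw new CertificateException("this trust manager validates client certificates only");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return current().getAcceptedIssuers(); }
}
```

The time check runs only when a handshake validates the client chain, so a session established inside one window, or resumed later, is not re-evaluated when the window changes.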