Date: Thu, 3 Feb 2011 05:24:53 -0500 (EST)
Message-Id: <201102031024.p13AOr5W027099@thor.apache.org>
From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: DO NOT REPLY [Bug 48208] allow to configure a custom client certificate Trust Manager in server.xml per connector attribute "trustManagerClassName"
X-Bugzilla-Product: Tomcat 6
X-Bugzilla-Component: Connectors
X-Bugzilla-Severity: enhancement
X-Bugzilla-Who: hauser@acm.org
X-Bugzilla-Status: REOPENED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: dev@tomcat.apache.org

https://issues.apache.org/bugzilla/show_bug.cgi?id=48208

--- Comment #8 from Ralf Hauser 2011-02-03 05:24:46 EST ---

Just another application scenario that mandates a custom TrustManager as suggested by Mark:
There is a restriction that depending on the time-of-the-day, a different set of certificates is trusted.

Our original solution approach was then to accept all certificates. Once the certificate is provided and the full SSL handshake is finished, we can choose the set of acceptable trusted issuing certificates depending on time-of-day or other context parameters. Only then we do the verification and possibly abort the session.

As I mentioned before, we do understand your reservations on incorporating an AcceptAllTrustManager patch, however, we would hope that a more generic solution as the trustManagerClassName suggested by Mark Thomas would be a fair compromise.
Then, we could move the logic from the application into our custom trust manager we define in “trustManagerClassName”.
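
The time-of-day scenario in the comment above, sketched as a custom X509TrustManager that validates the client chain inside the handshake instead of accepting every certificate first. This is an added example, not code from the bug report or from Tomcat. The class name, the 08:00 to 18:00 window, the trust store paths and the truststore.password property are assumptions, and KeyStore.getInstance(File, char[]) needs Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Clock;
import java.time.LocalTime;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical trust manager: the trusted issuer set depends on the time of day. */
public class TimeOfDayTrustManager implements X509TrustManager {
    // Assumed window, store paths and password property; none come from the bug report.
    private static final LocalTime DAY_START = LocalTime.of(8, 0);
    private static final LocalTime DAY_END = LocalTime.of(18, 0);
    private final X509TrustManager day, night;
    private final Clock clock;

    /** Zero-argument constructor so a container can instantiate the class by name. */
    public TimeOfDayTrustManager() throws Exception {
        this(load("conf/trust-day.p12"), load("conf/trust-night.p12"), Clock.systemDefaultZone());
    }
    TimeOfDayTrustManager(X509TrustManager day, X509TrustManager night, Clock clock) {
        this.day = day; this.night = night; this.clock = clock;
    }
    /** Builds a standard PKIX trust manager over one PKCS#12 trust store. */
    private static X509TrustManager load(String path) throws Exception {
        char[] pw = System.getProperty("truststore.password", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(new File(path), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager for " + path);
    }
    /** Picks the delegate whose issuers are trusted right now. */
    private X509TrustManager active() {
        LocalTime now = LocalTime.now(clock);
        return (!now.isBefore(DAY_START) && now.isBefore(DAY_END)) ? day : night;
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        active().checkClientTrusted(chain, authType); // full path validation, inside the handshake
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("server authentication is not supported by this trust manager");
    }
    @Override public X509Certificate[] getAcceptedIssuers() {
        return active().getAcceptedIssuers();
    }
}
```

Validation runs only during a full handshake, so a TLS session that is resumed or still open after the window changes is not re-checked by this class.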