tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1130936 - in /tomcat/tc6.0.x/trunk: ./ java/org/apache/catalina/valves/ java/org/apache/coyote/ajp/ java/org/apache/coyote/http11/ webapps/docs/ webapps/docs/config/
Date Fri, 03 Jun 2011 08:17:03 GMT
Author: markt
Date: Fri Jun  3 08:17:02 2011
New Revision: 1130936

URL: http://svn.apache.org/viewvc?rev=1130936&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50887
Enable the provider to be configured when generating SSL certs
Based on a patch by pknopp

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/LocalStrings.properties
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
    tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml
    tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Jun  3 08:17:02 2011
@@ -112,13 +112,6 @@ PATCHES PROPOSED TO BACKPORT:
   +1: markt, kkolinko
   -1:
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50887
-  Enable the provider to be configured when generating SSL certs
-  Based on a patch by pknopp
-  https://issues.apache.org/bugzilla/attachment.cgi?id=26765
-  +1: markt, kkolinko, schultz
-  -1:
-
 * Add additional configuration options to the DIGEST authenticator
   http://people.apache.org/~markt/patches/2011-04-01-digest-tc6.patch
   +1: markt

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/LocalStrings.properties?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/LocalStrings.properties (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/LocalStrings.properties Fri Jun 
3 08:17:02 2011
@@ -44,6 +44,8 @@ errorReportValve.rootCauseInLogs=The ful
 # Remote IP valve
 remoteIpValve.syntax=Invalid regular expressions [{0}] provided.
 
+sslValve.invalidProvider=The SSL provider specified on the connector associated with this
request of [{0}] is invalid. The certificate data could not be processed.
+
 # HTTP status reports
 http.100=The client may continue ({0}).
 http.101=The server is switching protocols according to the "Upgrade" header ({0}).

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java Fri Jun  3 08:17:02
2011
@@ -20,6 +20,7 @@ package org.apache.catalina.valves;
 import java.io.IOException;
 import java.io.ByteArrayInputStream;
 
+import java.security.NoSuchProviderException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
@@ -28,7 +29,8 @@ import javax.servlet.ServletException;
 import org.apache.catalina.valves.ValveBase;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
-import org.apache.catalina.util.StringManager;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
 
 /*
  * Valve to fill the SSL informations in the request
@@ -46,8 +48,10 @@ import org.apache.catalina.util.StringMa
  * @version $Id$
  */
 
-public class SSLValve
-    extends ValveBase {
+public class SSLValve extends ValveBase {
+
+    private static final Log log = LogFactory.getLog(SSLValve.class);
+
 /*
     private static final String info =
         "SSLValve/1.0";
@@ -87,14 +91,25 @@ public class SSLValve
             // ByteArrayInputStream bais = new ByteArrayInputStream(strcerts.getBytes("UTF-8"));
             ByteArrayInputStream bais = new ByteArrayInputStream(strcerts.getBytes());
             X509Certificate jsseCerts[] = null;
+            String providerName = (String) request.getConnector().getProperty(
+                    "clientCertProvider");
             try {
-                CertificateFactory cf = CertificateFactory.getInstance("X.509");
+                CertificateFactory cf;
+                if (providerName == null) {
+                    cf = CertificateFactory.getInstance("X.509");
+                } else {
+                    cf = CertificateFactory.getInstance("X.509", providerName);
+                }
                 X509Certificate cert = (X509Certificate) cf.generateCertificate(bais);
                 jsseCerts = new X509Certificate[1];
                 jsseCerts[0] = cert;
             } catch (java.security.cert.CertificateException e) {
                 System.out.println("SSLValve failed " + strcerts);
                 System.out.println("SSLValve failed " + e);
+            } catch (NoSuchProviderException e) {
+                log.error(sm.getString(
+                        "sslValve.invalidProvider", providerName), e);
+
             }
             request.setAttribute("javax.servlet.request.X509Certificate", jsseCerts);
         }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java Fri Jun  3 08:17:02
2011
@@ -22,6 +22,7 @@ import java.io.IOException;
 import java.io.InterruptedIOException;
 import java.net.InetAddress;
 import java.nio.ByteBuffer;
+import java.security.NoSuchProviderException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
@@ -334,6 +335,20 @@ public class AjpAprProcessor implements 
     public void setRequiredSecret(String requiredSecret) { this.requiredSecret = requiredSecret;
}
 
 
+    /**
+     * When client certificate information is presented in a form other than
+     * instances of {@link java.security.cert.X509Certificate} it needs to be
+     * converted before it can be used and this property controls which JSSE
+     * provider is used to perform the conversion. For example it is used with
+     * the AJP connectors, the HTTP APR connector and with the
+     * {@link org.apache.catalina.valves.SSLValve}. If not specified, the
+     * default provider will be used. 
+     */
+    protected String clientCertProvider = null;
+    public String getClientCertProvider() { return clientCertProvider; }
+    public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+
+    
     // --------------------------------------------------------- Public Methods
 
 
@@ -555,8 +570,13 @@ public class AjpAprProcessor implements 
                             certData.getLength());
                 // Fill the  elements.
                 try {
-                    CertificateFactory cf =
-                        CertificateFactory.getInstance("X.509");
+                    CertificateFactory cf;
+                    if (clientCertProvider == null) {
+                        cf = CertificateFactory.getInstance("X.509");
+                    } else {
+                        cf = CertificateFactory.getInstance("X.509",
+                                clientCertProvider);
+                    }
                     while(bais.available() > 0) {
                         X509Certificate cert = (X509Certificate)
                             cf.generateCertificate(bais);
@@ -573,6 +593,9 @@ public class AjpAprProcessor implements 
                 } catch (java.security.cert.CertificateException e) {
                     log.error(sm.getString("ajpprocessor.certs.fail"), e);
                     return;
+                } catch (NoSuchProviderException e) {
+                    log.error(sm.getString("ajpprocessor.certs.fail"), e);
+                    return;
                 }
                 request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts);
             }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java Fri Jun  3 08:17:02
2011
@@ -315,6 +315,21 @@ public class AjpAprProtocol 
     public void setPollerSize(int pollerSize) { endpoint.setPollerSize(pollerSize); }
     public int getPollerSize() { return endpoint.getPollerSize(); }
 
+    
+    /**
+     * When client certificate information is presented in a form other than
+     * instances of {@link java.security.cert.X509Certificate} it needs to be
+     * converted before it can be used and this property controls which JSSE
+     * provider is used to perform the conversion. For example it is used with
+     * the AJP connectors, the HTTP APR connector and with the
+     * {@link org.apache.catalina.valves.SSLValve}. If not specified, the
+     * default provider will be used. 
+     */
+    protected String clientCertProvider = null;
+    public String getClientCertProvider() { return clientCertProvider; }
+    public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+
+
     // --------------------------------------  AjpConnectionHandler Inner Class
 
 
@@ -421,6 +436,7 @@ public class AjpAprProtocol 
             processor.setAdapter(proto.adapter);
             processor.setTomcatAuthentication(proto.tomcatAuthentication);
             processor.setRequiredSecret(proto.requiredSecret);
+            processor.setClientCertProvider(proto.getClientCertProvider());
             register(processor);
             return processor;
         }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java Fri Jun  3 08:17:02
2011
@@ -24,6 +24,7 @@ import java.io.InterruptedIOException;
 import java.io.OutputStream;
 import java.net.InetAddress;
 import java.net.Socket;
+import java.security.NoSuchProviderException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
@@ -344,6 +345,20 @@ public class AjpProcessor implements Act
     public void setKeepAliveTimeout(int timeout) { keepAliveTimeout = timeout; }
 
 
+    /**
+     * When client certificate information is presented in a form other than
+     * instances of {@link java.security.cert.X509Certificate} it needs to be
+     * converted before it can be used and this property controls which JSSE
+     * provider is used to perform the conversion. For example it is used with
+     * the AJP connectors, the HTTP APR connector and with the
+     * {@link org.apache.catalina.valves.SSLValve}. If not specified, the
+     * default provider will be used. 
+     */
+    protected String clientCertProvider = null;
+    public String getClientCertProvider() { return clientCertProvider; }
+    public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+
+
     // --------------------------------------------------------- Public Methods
 
 
@@ -560,8 +575,13 @@ public class AjpProcessor implements Act
                             certData.getLength());
                 // Fill the elements.
                 try {
-                    CertificateFactory cf =
-                        CertificateFactory.getInstance("X.509");
+                    CertificateFactory cf;
+                    if (clientCertProvider == null) {
+                        cf = CertificateFactory.getInstance("X.509");
+                    } else {
+                        cf = CertificateFactory.getInstance("X.509",
+                                clientCertProvider);
+                    }
                     while(bais.available() > 0) {
                         X509Certificate cert = (X509Certificate)
                             cf.generateCertificate(bais);
@@ -578,6 +598,9 @@ public class AjpProcessor implements Act
                 } catch (java.security.cert.CertificateException e) {
                     log.error(sm.getString("ajpprocessor.certs.fail"), e);
                     return;
+                } catch (NoSuchProviderException e) {
+                    log.error(sm.getString("ajpprocessor.certs.fail"), e);
+                    return;
                 }
                 request.setAttribute(JIoEndpoint.CERTIFICATE_KEY, jsseCerts);
             }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java Fri Jun  3 08:17:02 2011
@@ -308,6 +308,20 @@ public class AjpProtocol 
     public void setKeepAliveTimeout(int timeout) { keepAliveTimeout = timeout; }
 
 
+    /**
+     * When client certificate information is presented in a form other than
+     * instances of {@link java.security.cert.X509Certificate} it needs to be
+     * converted before it can be used and this property controls which JSSE
+     * provider is used to perform the conversion. For example it is used with
+     * the AJP connectors, the HTTP APR connector and with the
+     * {@link org.apache.catalina.valves.SSLValve}. If not specified, the
+     * default provider will be used. 
+     */
+    protected String clientCertProvider = null;
+    public String getClientCertProvider() { return clientCertProvider; }
+    public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+
+
     // --------------------------------------  AjpConnectionHandler Inner Class
 
 
@@ -407,6 +421,7 @@ public class AjpProtocol 
             processor.setTomcatAuthentication(proto.tomcatAuthentication);
             processor.setRequiredSecret(proto.requiredSecret);
             processor.setKeepAliveTimeout(proto.keepAliveTimeout);
+            processor.setClientCertProvider(proto.getClientCertProvider());
             register(processor);
             return processor;
         }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java Fri Jun  3
08:17:02 2011
@@ -320,8 +320,21 @@ public class Http11AprProcessor implemen
     protected String server = null;
 
     
+    /**
+     * When client certificate information is presented in a form other than
+     * instances of {@link java.security.cert.X509Certificate} it needs to be
+     * converted before it can be used and this property controls which JSSE
+     * provider is used to perform the conversion. For example it is used with
+     * the AJP connectors, the HTTP APR connector and with the
+     * {@link org.apache.catalina.valves.SSLValve}. If not specified, the
+     * default provider will be used. 
+     */
+    protected String clientCertProvider = null;
+
     // ------------------------------------------------------------- Properties
 
+    public String getClientCertProvider() { return clientCertProvider; }
+    public void setClientCertProvider(String s) { this.clientCertProvider = s; }
 
     /**
      * Return compression level.
@@ -1151,7 +1164,13 @@ public class Http11AprProcessor implemen
                     X509Certificate[] certs = null;
                     if (clientCert != null  && certLength > -1) {
                         certs = new X509Certificate[certLength + 1];
-                        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+                        CertificateFactory cf;
+                        if (clientCertProvider == null) {
+                            cf = CertificateFactory.getInstance("X.509"); 
+                        } else {
+                            cf = CertificateFactory.getInstance("X.509",
+                                    clientCertProvider); 
+                        }
                         certs[0] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientCert));
                         for (int i = 0; i < certLength; i++) {
                             byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN
+ i);

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Fri Jun  3 08:17:02
2011
@@ -470,7 +470,22 @@ public class Http11AprProtocol implement
      */
     public int getSSLVerifyDepth() { return endpoint.getSSLVerifyDepth(); }
     public void setSSLVerifyDepth(int SSLVerifyDepth) { endpoint.setSSLVerifyDepth(SSLVerifyDepth);
}
+
     
+    /**
+     * When client certificate information is presented in a form other than
+     * instances of {@link java.security.cert.X509Certificate} it needs to be
+     * converted before it can be used and this property controls which JSSE
+     * provider is used to perform the conversion. For example it is used with
+     * the AJP connectors, the HTTP APR connector and with the
+     * {@link org.apache.catalina.valves.SSLValve}. If not specified, the
+     * default provider will be used. 
+     */
+    protected String clientCertProvider = null;
+    public String getClientCertProvider() { return clientCertProvider; }
+    public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+
+
     // --------------------  Connection handler --------------------
 
     static class Http11ConnectionHandler implements Handler {
@@ -628,6 +643,7 @@ public class Http11AprProtocol implement
             processor.setSocketBuffer(proto.socketBuffer);
             processor.setMaxSavePostSize(proto.maxSavePostSize);
             processor.setServer(proto.server);
+            processor.setClientCertProvider(proto.getClientCertProvider());
             register(processor);
             return processor;
         }

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java Fri Jun  3 08:17:02
2011
@@ -582,7 +582,19 @@ public class Http11NioProtocol implement
     public boolean getSSLEnabled() { return ep.isSSLEnabled(); }
     public void setSSLEnabled(boolean SSLEnabled) { ep.setSSLEnabled(SSLEnabled); }
     
-    
+    /**
+     * When client certificate information is presented in a form other than
+     * instances of {@link java.security.cert.X509Certificate} it needs to be
+     * converted before it can be used and this property controls which JSSE
+     * provider is used to perform the conversion. For example it is used with
+     * the AJP connectors, the HTTP APR connector and with the
+     * {@link org.apache.catalina.valves.SSLValve}. If not specified, the
+     * default provider will be used. 
+     */
+    protected String clientCertProvider = null;
+    public String getClientCertProvider() { return clientCertProvider; }
+    public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+
 
     // --------------------  Connection handler --------------------
 

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java Fri Jun  3 08:17:02
2011
@@ -518,6 +518,20 @@ public class Http11Protocol 
         setAttribute("keyAlias", keyAlias);
     }
 
+    /**
+     * When client certificate information is presented in a form other than
+     * instances of {@link java.security.cert.X509Certificate} it needs to be
+     * converted before it can be used and this property controls which JSSE
+     * provider is used to perform the conversion. For example it is used with
+     * the AJP connectors, the HTTP APR connector and with the
+     * {@link org.apache.catalina.valves.SSLValve}. If not specified, the
+     * default provider will be used. 
+     */
+    protected String clientCertProvider = null;
+    public String getClientCertProvider() { return clientCertProvider; }
+    public void setClientCertProvider(String s) { this.clientCertProvider = s; }
+
+
     // -----------------------------------  Http11ConnectionHandler Inner Class
 
     protected static class Http11ConnectionHandler implements Handler {

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri Jun  3 08:17:02 2011
@@ -118,6 +118,10 @@
         Reduce level of log message for invalid URL parameters from WARNING to
         INFO. (kkolinko) 
       </fix>
+      <add>
+        <bug>50887</bug>: Enable the provider to be configured when generating
+        SSL certs. Based on a patch by pknopp. (markt)
+      </add>
       <fix>
         <bug>51073</bug>: Throw an exception and do not start the APR connector
         if it is configured for SSL and an invalid value is provided for

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/ajp.xml Fri Jun  3 08:17:02 2011
@@ -248,6 +248,17 @@
          (i.e. buffering disabled)</p>
     </attribute>
 
+    <attribute name="clientCertProvider" required="false">
+      <p>When client certificate information is presented in a form other than
+      instances of <code>java.security.cert.X509Certificate</code> it needs to
+      be converted before it can be used and this property controls which JSSE
+      provider is used to perform the conversion. For example it is used with
+      the AJP connectors, the <a href="http.html">HTTP APR connector</a> and
+      with the <a href="valve.html#SSL_Authenticator_Valve">
+      org.apache.catalina.valves.SSLValve</a>.If not specified, the default
+      provider will be used.</p>
+    </attribute>
+
     <attribute name="connectionTimeout" required="false">
       <p>The number of milliseconds this <strong>Connector</strong> will
wait,
       after accepting a connection, for the request URI line to be

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?rev=1130936&r1=1130935&r2=1130936&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Fri Jun  3 08:17:02 2011
@@ -695,6 +695,17 @@
       <a href="../ssl-howto.html">SSL HowTo</a> for an example.</p>
     </attribute>
 
+    <attribute name="clientCertProvider" required="false">
+      <p>When client certificate information is presented in a form other than
+      instances of <code>java.security.cert.X509Certificate</code> it needs to
+      be converted before it can be used and this property controls which JSSE
+      provider is used to perform the conversion. For example it is used with
+      the <a href="ajp.html">AJP connectors</a>, the HTTP APR connector and
+      with the <a href="valve.html#SSL_Authenticator_Valve">
+      org.apache.catalina.valves.SSLValve</a>. If not specified, the default
+      provider will be used.</p>
+    </attribute>
+
     <attribute name="keystoreFile" required="false">
       <p>The pathname of the keystore file where you have stored the
       server certificate to be loaded.  By default, the pathname is



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message