tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 58244] two way SSL loses client certificate after a few requests
Date Sun, 21 Feb 2016 16:49:43 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=58244

--- Comment #16 from Mark Thomas <markt@apache.org> ---
Created attachment 33578
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=33578&action=edit
Potential patch if OpenSSL decide this is a WONTFIX

Working around this in Tomcat is quite simple. It does mean the full chain is
only available on the initial connection. Subsequent connections only get the
user cert. That is probably sufficient for most use cases. Where that isn't
sufficient, the app can always cache the chain in the session. Another option
is for the CLIENT-CERT authenticator to cache the chain in the session.

I'm following this up with the OpenSSL folks. If it is indeed a WONTFIX then we
can apply this patch or something along these lines.



Mime
View raw message
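The workaround mentioned in the comment above, where the application caches the chain in the session, could look like the following servlet filter. This is an added example, not part of the original message or of the attached Tomcat patch; the class name and the session attribute name are assumptions, and it is written against the javax.servlet API.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example: keeps the client chain from the first connection in the HTTP session. */
public class ClientCertChainCacheFilter implements Filter {
    // Standard Servlet API request attribute carrying the TLS client certificate chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Hypothetical session attribute name chosen for this example.
    static final String CACHE_ATTR = "example.cachedClientCertChain";
    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain next)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        X509Certificate[] presented = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        if (presented == null || presented.length == 0) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        HttpSession session = request.getSession(true);
        X509Certificate[] cached = (X509Certificate[]) session.getAttribute(CACHE_ATTR);
        if (cached == null) {
            // First request in this session: store whatever the connector supplied.
            session.setAttribute(CACHE_ATTR, presented.clone());
        } else if (!cached[0].equals(presented[0])) {
            // Session ID arrived with a different user cert: never reuse the cached chain.
            session.invalidate();
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        } else if (presented.length > cached.length) {
            session.setAttribute(CACHE_ATTR, presented.clone());
        } else if (cached.length > presented.length) {
            // Later connection delivered only the user cert: expose the cached chain.
            request.setAttribute(CERT_ATTR, cached.clone());
        }
        next.doFilter(req, res);
    }
}
```

The cached chain is reused only when the user certificate presented on the current connection equals the first cached certificate, so a session ID on its own does not inherit another client's chain.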