tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonio Fiol BonnĂ­n <>
Subject Client authentication with X509 certificate (Apache web server+mod_jk+Tomcat 4.1.24) not working
Date Sat, 14 Jun 2003 09:58:11 GMT

I have been struggling with a strange problem:

Using Apache Web server (1.3.23 - 1.3.26, not tested others).
Using mod_jk (EAPI version, recent download).
On a Linux machine.

Using tomcat 4.1.24
Both on solaris and on Linux.

When Apache is configured with
SSLClientVerify optional
SSLClientVerify require

Mod_jk is correctly configured (see why I say that later).

Tomcat is configured with an AJP13 context, and responding well.

PROBLEM: Client certificate cannot be obtained from the application.
PROBLEM: In fact, there is an IOException *before* calling the servlet.
PROBLEM: When tomcat is reconstructing the certificate. I get:
           Insufficient data          ...or...
           too big

WORKAROUND: I found that the same configuration on Tomcat 4.1.9 is 
working perfectly.

I have been studying the differences between 4.1.9 and 4.1.24 and I have 
seen that certificate handling is done in very different places in the 
code (it has moved).

Does anybody have an idea of what can have broken this?

I am willing to submit a patch and/or do more investigation, so that 
this problem id fixed on 4.1.25 when it comes out.

Yours sincerely,

Antonio Fiol

View raw message