tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonio Fiol Bonnín <fiol.bon...@terra.es>
Subject Re: Client authentication with X509 certificate (Apache web server+mod_jk+Tomcat 4.1.24) not working
Date Sun, 15 Jun 2003 08:10:56 GMT
Hello,

What a relief!!

And I've seen that the patch for this bug is a one-liner... I will try 
to backport it to the stock 4.1.24 we were willing to use.

Do you have an idea of the approx. release date for 4.1.25?

Thank you very much for your help.


Antonio Fiol


Bill Barker wrote:

>It's a known problem.  See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790 for
more details.  It is fixed in the CVS, and so will work in 4.1.25.
>
>"Antonio Fiol Bonnín" <fiol.bonnin@terra.es> wrote in message news:3EEAF1B3.8040307@terra.es...
>  
>
>>Hello,
>>
>>I have been struggling with a strange problem:
>>
>>Using Apache Web server (1.3.23 - 1.3.26, not tested others).
>>Using mod_jk (EAPI version, recent download).
>>On a Linux machine.
>>
>>Using tomcat 4.1.24
>>Both on solaris and on Linux.
>>
>>When Apache is configured with
>>SSLClientVerify optional
>>or
>>SSLClientVerify require
>>
>>Mod_jk is correctly configured (see why I say that later).
>>
>>Tomcat is configured with an AJP13 context, and responding well.
>>
>>PROBLEM: Client certificate cannot be obtained from the application.
>>PROBLEM: In fact, there is an IOException *before* calling the servlet.
>>PROBLEM: When tomcat is reconstructing the certificate. I get:
>>           Insufficient data          ...or...
>>           too big
>>
>>WORKAROUND: I found that the same configuration on Tomcat 4.1.9 is 
>>working perfectly.
>>
>>
>>I have been studying the differences between 4.1.9 and 4.1.24 and I have 
>>seen that certificate handling is done in very different places in the 
>>code (it has moved).
>>
>>Does anybody have an idea of what can have broken this?
>>
>>I am willing to submit a patch and/or do more investigation, so that 
>>this problem id fixed on 4.1.25 when it comes out.
>>
>>Yours sincerely,
>>
>>Antonio Fiol
>>    
>>
>
>  
>


Mime
View raw message