tomcat-users mailing list archives

From QM <qm...@brandxdev.net>
Subject Re: SSLPeerUnverifiedException
Date Thu, 29 Apr 2004 15:32:43 GMT
On Thu, Apr 29, 2004 at 11:17:43AM -0400, Jeremy Brown wrote:
: Just checking once more...does anyone know how I can get this message 
: out of the logs, aside from commenting it out and recompiling Tomcat?

: [included exceptions for the archives]
: >javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
: >com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275) 
: >org.apache.tomcat.util.net.jsse.JSSE14Support.getX509Certificates(JSSE14Support.java:151)


Two ways, both of which require some reading on JSSE and SSL:

1/ import the client certs (preferably, the client certs' CAs) into the
keystore used by Tomcat.

2/ Specify a different TrustManager, one that lets any client cert 
   through with blind trust.

#1 is clearly the safer way, if you're using client certs to
authenticate.

I don't know whether #2 is possible going through Tomcat, but chances
are you can specify the class on the commandline with a "-D" (similar
to how you can specify which XML toolkit to use).  Read up on the 
TrustManager class and write an impl that doesn't check the cert.

-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
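
Option 1 from the reply above, as an added example that is not part of the original message: it builds a truststore holding only the client CA's public certificate and checks that no private key ended up in it. The CA, file names and password are constructed for the demo; in practice `ca.crt` comes from the CA that issued your client certificates.

```shell
#!/bin/sh
# Added example: constructed demo CA, file names and password (not from the thread).
set -eu
PASS=changeit            # constructed demo password; use a real secret in practice

# Build a truststore that holds only the client CA's public certificate.
build_truststore() {
    dir=$1
    # Stand-in for the CA that issues your client certificates (constructed).
    keytool -genkeypair -alias demo-ca -keyalg RSA -keysize 2048 \
        -dname "CN=Demo Client CA" -ext bc:c -validity 30 \
        -keystore "$dir/ca.p12" -storetype PKCS12 \
        -storepass "$PASS" -keypass "$PASS"
    # Export the certificate only; the CA's private key never leaves ca.p12.
    keytool -exportcert -alias demo-ca -rfc -file "$dir/ca.crt" \
        -keystore "$dir/ca.p12" -storetype PKCS12 -storepass "$PASS"
    # Import it as a trusted entry into the store Tomcat's JVM will read.
    keytool -importcert -noprompt -alias demo-client-ca -file "$dir/ca.crt" \
        -keystore "$dir/truststore.p12" -storetype PKCS12 -storepass "$PASS"
}

# Count entries of a given type (trustedCertEntry or PrivateKeyEntry) in a store.
count_entries() {
    keytool -J-Duser.language=en -list -keystore "$1" -storetype PKCS12 \
        -storepass "$PASS" | grep -c "$2" || true
}

# Run the demo only when asked: sh truststore-demo.sh --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    build_truststore "$work"
    echo "trusted CA entries: $(count_entries "$work/truststore.p12" trustedCertEntry)"
    echo "private key entries: $(count_entries "$work/truststore.p12" PrivateKeyEntry)"
    echo "truststore written to $work/truststore.p12"
fi
```

The JVM running Tomcat can be pointed at the resulting file with the standard JSSE properties `-Djavax.net.ssl.trustStore`, `-Djavax.net.ssl.trustStorePassword` and `-Djavax.net.ssl.trustStoreType=PKCS12`. Only clients whose certificates chain to a CA in this store are authenticated, so keep it limited to the CAs you actually issue client certificates from.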

