Return-Path: 
 <users-return-154309-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 65038 invoked from network); 16 Nov 2006 12:35:46 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 16 Nov 2006 12:35:46 -0000
Received: (qmail 87231 invoked by uid 500); 16 Nov 2006 12:35:42 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 87211 invoked by uid 500); 16 Nov 2006 12:35:41 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 87200 invoked by uid 99); 16 Nov 2006 12:35:41 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Nov 2006 04:35:41 -0800
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: domain of jak-tomcat-user@m.gmane.org
 designates 80.91.229.2 as permitted sender)
Received: from [80.91.229.2] (HELO ciao.gmane.org) (80.91.229.2)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Nov 2006 04:35:27 -0800
Received: from root by ciao.gmane.org with local (Exim 4.43)
	id 1GkgSM-0004MI-R8
	for users@tomcat.apache.org; Thu, 16 Nov 2006 13:35:02 +0100
Received: from nat-136.wasko.pl ([193.178.240.136])
        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <users@tomcat.apache.org>; Thu, 16 Nov 2006 13:35:02 +0100
Received: from marx by nat-136.wasko.pl with local (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <users@tomcat.apache.org>; Thu, 16 Nov 2006 13:35:02 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: users@tomcat.apache.org
From: Marx <marx@wasko.pl>
Subject: Tomcat5,Apache2,mod_ssl and mod_jk
Date: Thu, 16 Nov 2006 13:31:13 +0100
Lines: 30
Message-ID: <ejhlmh$b9p$5@sea.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: nat-136.wasko.pl
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
Sender: news <news@sea.gmane.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Hello
I configured Tomcat5,Apache2,mod_ssl and mod_jk.
I use certification, but I want some of directiories not tu require 
certificate.
Choosing which directories needs cetrtificate is configured via
<Directory "/">
     SSLVerifyClient none
</Directory>
<Directory "/usr/local/tomcat/webapps/xxx/yyy">
     SSLVerifyClient require
     SSLVerifyDepth 2
</Directory>
It works ok with Apache (without certificate I can't access yyy 
directory). Hovewer if I anable ajp13 connector like this:
JkMount /xxx/*.jsp ajp13
it works only with non-jsp files (served by Apache in this example) - I 
can access JSP files in yyy directory without certificate (I shoudn't).

So directive 'SSLVerifyClient require' doesn't work together with 
connector - I can read every file served via connector without certificate.

One another word - if I enable cerificate requirements globally, it 
works globally (can't access anything, even jsp files, without 
certificate) and whatever directive I would write I can't unblock some 
directories to not need certificate.

Last word - such configuration worked with Apache 1.3, Tomcat 4, mod_ssl 
and mod_jk.

Marx


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org