tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Subscriber <subscri...@sepo.dk>
Subject Re: Handling SSL Client Auth abort
Date Thu, 10 May 2007 07:00:31 GMT
Hi Bill,

Thanks for your answer. I've tried to download the source code for 
Tomcat 5.5.23, but I can't find a JIO Connector. Is JIO an abbrevation 
for something? Can you point me to a place, where I can find the source 
code and possibly make my own patch?

regards,
kews

Bill Barker wrote:
> "Subscriber" <subscriber@sepo.dk> wrote in message 
> news:463EF1B3.2090607@sepo.dk...
>> Hi,
>>
>>>> ...unfortunately I never get that far where I can catch the exception. 
>>>> The exception is thrown within Tomcat and in my application code.
>>> (I'll assume there's a rather critical "not" missing from the last
>>> clause in the above sentence.)
>> Of course - NOT in my application code :-)
>>> If the client refuses the certificate or otherwise breaks the connection
>>> during the SSL negotiation, no servlet has been selected to receive the
>>> message, so there's no one to deliver the exception to.  The servlet
>>> spec doesn't seem to have any notion of container-oriented error pages,
>>> so I think you're out of luck without custom code inside Tomcat.
>>>
>>>  - Chuck
>> This is OK - but how do I put custom code into the Tomcat? I've already 
>> coded a custom realm for the purpose of verifying the certificate - could 
>> I use this realm to catch the exception?
>>
> 
> Nope.  The realm only gets called after the client sends the cert.  If she 
> cancels, then TC just returns an error.  You could use a Valve to see if 
> this has happened, but the socket has already been shutdown by this time (at 
> least with the JIO connector), so you can't send anything back to the 
> client.
> 
> I seem to remember that there is a patch in BZ for 5.5.x to modify the JIO 
> connector to handle this (but I'm too lazy to look it up :).  I don't know 
> the APR connector well enough to know how to make the same type of 
> modification there.
> 
>> Regards,
>> kews
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> __________ NOD32 2255 (20070509) Information __________
> 
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
> 
> 
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message