tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lampa <lampa2...@gmail.com>
Subject Re: problem about ssl
Date Fri, 26 Dec 2008 05:52:43 GMT

The specified certificate is entrusted by CA , if not, I think TOMCAT must
verify the certificate and SSL connection must be failed .
I don't think there is any problem about my idea. I just want to implement
something that choosing the certificate by  ActiveX control,not by users.
Yes, maybe  I submit the question in other mail-lists. 

Lampa

Gregor Schneider wrote:
> 
> Actually your approach is breaking SSL-security. Among other things
> SSL is bsed on TRUST. Therefore, if an unkown or self-signed
> certificate is used, any browser should inform the user that the cert
> is not signed by a CA.
> 
> If you want to implement a way to circumvent said behaviour,
> personally I do not see any sense in doing so but tricking the user to
> accept a certificate wich is not trusted.
> 
> Maybe I misunderstand your intentions.
> 
> Besides, your problem is not a Tomcat-issue but a browser-issue (if
> any). Therefore, I suggest you place your request in the appropiate
> mailinglists / newsgroups.
> 
> Gregor
> -- 
> just because your paranoid, doesn't mean they're not after you...
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/problem-about-ssl-tp21156802p21172032.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message