Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 23356 invoked from network); 25 Dec 2008 13:33:35 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Dec 2008 13:33:35 -0000 Received: (qmail 5785 invoked by uid 500); 25 Dec 2008 13:33:22 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 5754 invoked by uid 500); 25 Dec 2008 13:33:22 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 5743 invoked by uid 99); 25 Dec 2008 13:33:22 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 25 Dec 2008 05:33:22 -0800 X-ASF-Spam-Status: No, hits=1.5 required=10.0 tests=SPF_PASS,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of rc46fi@googlemail.com designates 209.85.218.13 as permitted sender) Received: from [209.85.218.13] (HELO mail-bw0-f13.google.com) (209.85.218.13) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 25 Dec 2008 13:33:12 +0000 Received: by bwz6 with SMTP id 6so9940420bwz.0 for ; Thu, 25 Dec 2008 05:32:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=hj2mu+QJ9Poa57woTlkfaP/tbuy+AInXbNl3DCxHoGc=; b=KLBfNA+B5HRPyob+en9MU1bpio0aJobXkAFHpAOZZ597VEV7DeF4pYCKMjlt1BKfwH jxp32a8ufndBRJIlnEEYDsGvP7qZl6ksofUwglh7ehA+sc/Aw718mDgSIQ4UJ1OgKYxL yVZjSOErw1zyyuX5ZCtlJBuaYB1RcbwAe/T9M= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=xFWu99zOQ5vf98dKjqEkS2PODB52woCWaUbcbh2o/s53EP5t4eVyUN4htmB1D4yHdU qsHGrCL7mZHjSie6jbHnd/COaf6uDK3ueT2joXjnCMJyq9OPYIfbt5+cJBfSm75yw4/v go/9A7/Shd9oZwVCB3qx+9/km4FU26HUo4KRQ= Received: by 10.181.11.3 with SMTP id o3mr3558881bki.172.1230211971055; Thu, 25 Dec 2008 05:32:51 -0800 (PST) Received: by 10.180.209.4 with HTTP; Thu, 25 Dec 2008 05:32:50 -0800 (PST) Message-ID: Date: Thu, 25 Dec 2008 14:32:50 +0100 From: "Gregor Schneider" To: "Tomcat Users List" Subject: Re: problem about ssl In-Reply-To: <21166271.post@talk.nabble.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <21156802.post@talk.nabble.com> <21166271.post@talk.nabble.com> X-Virus-Checked: Checked by ClamAV on apache.org Actually your approach is breaking SSL-security. Among other things SSL is bsed on TRUST. Therefore, if an unkown or self-signed certificate is used, any browser should inform the user that the cert is not signed by a CA. If you want to implement a way to circumvent said behaviour, personally I do not see any sense in doing so but tricking the user to accept a certificate wich is not trusted. Maybe I misunderstand your intentions. Besides, your problem is not a Tomcat-issue but a browser-issue (if any). Therefore, I suggest you place your request in the appropiate mailinglists / newsgroups. Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org