tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From i_am <techat...@yahoo.com>
Subject RE: Force getting Client Cert from browser
Date Tue, 28 Apr 2009 22:03:45 GMT

Thanks Charles.
Ok getting back to it after a looong break...

I looked at the ssl traces and looks like client is sending server an Alert
(21) Warning (close notify) but,
server (tomcat) seems to ignore it!
Is there a way (config) to force tomcat to renegotiate ?
I even tried to invoke Tomcat action code ACTION_REQ_SSL_CERTIFICATE which,
I thought should force renegotiation but still does not.
I still see the same behavior where Tomcat just uses cached certificate!!!

Versions : Tomcat 5.5.27 with Java 1.6.0_11 on SLES10.

Any help is appreciated...

Thanks




Caldarale, Charles R wrote:
> 
>> From: atul [mailto:techatool@yahoo.com]
>> Subject: Re: Force getting Client Cert from browser
>>
>> I tried invalidating httpsession but that didnt work.
> 
> I'm a bit surprised at that, but I haven't gone through the code enough to
> figure out why that didn't work.  There's a tangentially related thread
> here:
> http://marc.info/?l=tomcat-user&m=120092922008604&w=2
> 
>> Also, in a deployment where if a machine is shared by
>> multiple users and user1 forgets to close the browser before
>> leaving, the user can log right in as user1.
> 
> A problem in any environment that has shared access points, not unique to
> using certificates for client authentication.
> 
>  - Chuck
> 
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Force-getting-Client-Cert-from-browser-tp20155194p23286972.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message