tomcat-users mailing list archives

From David Balažic <david.bala...@comtrade.com>
Subject RE: Firefox SSL with APR - losing client certificate
Date Wed, 12 Aug 2015 15:26:12 GMT
It also happens with the latest apache-tomcat-8.0.24-windows-x64.zip
Using this simple webapp:

In the webapps folder create a folder named "cert", there create a file named ccertA.jsp with
contents:

<html>
<body>
<h3>client cert test - page A</h3>
User client cert data:
<%= ((java.security.cert.X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"))[0].getSubjectX500Principal().toString()%>
<p>
Check <a href="ccertB.jsp">page B</a>
<p>
Page served time: <%= new java.util.Date().toString() %>
</body>
</html>

Optionally create another file "ccertB.jsp" with the same content, except the "A" and "B" letters
swapped.

In server.xml add a line:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
	secure="true" scheme="https" maxThreads="150" URIEncoding="UTF-8"
	SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
	SSLPassword="testing" SSLEnabled="true"
	SSLCertificateKeyFile="C:/your_server_key_private.pem"
	SSLCertificateFile="C:/your_server_key_public.pem"
	SSLCACertificateFile="C:/supported_client_CAs.pem" />

Then start with startup.bat and open the page https://localhost:8443/cert/ccertA.jsp and refresh
it or click the link.
After a few clicks instead of the page an error will be presented:

HTTP Status 500 - An exception occurred processing JSP page /ccertA.jsp at line 5

type Exception report

message An exception occurred processing JSP page /ccertA.jsp at line 5

description The server encountered an internal error that prevented it from fulfilling this
request.

exception

org.apache.jasper.JasperException: An exception occurred processing JSP page /ccertA.jsp at
line 5

2: <body>
3: <h3>client cert test - page A</h3>
4: User client cert data:
5: <%= ((java.security.cert.X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"))[0].getSubjectX500Principal().toString()%>
6: <p>
7: Check <a href="ccertB.jsp">page B</a>
8: <p>


Stacktrace:
	org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:574)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

root cause

java.lang.NullPointerException
	org.apache.jsp.ccertA_jsp._jspService(ccertA_jsp.java:93)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

note The full stack trace of the root cause is available in the Apache Tomcat/8.0.24 logs.
Apache Tomcat/8.0.24


The error occurs in about 30 seconds after the first load (keep refreshing or clicking every
few seconds or so).

Tested with:
 - Chrome v44
 - Firefox v39.0.3 and v40

The problem does not occur with IE v11.

Regards,
David Balažic
Software Engineer
www.comtrade.com


> -----Original Message-----
> From: David Balažic [mailto:david.balazic@comtrade.com]
> Sent: 10. August 2015 19:30
> To: Tomcat Users List
> Subject: RE: Firefox SSL with APR - losing client certificate
> Importance: Low
> 
> > From: David Balažic [mailto:david.balazic@comtrade.com]
> >
> > > From: Christopher Schultz [mailto:chris@christopherschultz.net]
> > > Sent: 8. August 2015 14:33
> > >
> > > Quick question: this is with Tomcat only and no httpd out in front, right?
> >
> > Yes.
> 
> It is also the same if run independently (without Eclipse):
>  - extract apache-tomcat-6.0.44-windows-x64.zip
>  - set JAVA_HOME, CATALINA_HOME, CATALINA_BASE and CATALINA_OPTS
>  - copy war file into webapps folder
>  - copy ojdbc6_g-11.2.0.2.0.jar into lib folder (my WAR uses an Oracle
> database)
>  - execute startup.bat
> 
> Java is again 1.6.0_45 (x64).
> 
> It also happens with java version "1.8.0_51"
> Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
> Java HotSpot(TM) 64-Bit Server VM (build 25.51-b03, mixed mode)
> 
> 
> I also tested on another system with 32 bit Windows 7,
> apache-tomcat-6.0.44-windows-x86.zip, with
> java version "1.6.0_12"
> Java(TM) SE Runtime Environment (build 1.6.0_12-b04)
> Java HotSpot(TM) Client VM (build 11.2-b01, mixed mode, sharing)
> 
> Same problem (with FF, while IE works fine).
> 
> On the first system I also tried with Chrome: also has the problem.
> 
> Interestingly, on one occasion with FF the problem did not surface for long
> time (about 15 minutes of testing).
> Then I cleared the "Active Logins" (shift-ctrl-del) in Firefox and tried again:
> the problem occurred right on second HTTP(S) request.
> 
> Regards,
> David
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
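
Added example, not part of the original message or of Tomcat's code: with SSLVerifyClient="optional" the certificate attribute can be null, so the test JSP fails with a NullPointerException and a 500. The hypothetical servlet filter below (class name and log format are assumptions) checks the attribute first, answers 403 and logs the TLS session id so that a lost certificate can be correlated with a changed TLS session.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: reject and log requests that arrive without a client certificate. */
public class ClientCertGuardFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(ClientCertGuardFilter.class.getName());
    // Request attribute names defined by the Servlet specification.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    static final String SESSION_ID_ATTR = "javax.servlet.request.ssl_session_id";

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    /** Returns the leaf client certificate, or null when the TLS layer supplied none. */
    static X509Certificate clientCert(ServletRequest req) {
        Object attr = req.getAttribute(CERT_ATTR);
        if (attr instanceof X509Certificate[] && ((X509Certificate[]) attr).length > 0) {
            return ((X509Certificate[]) attr)[0];
        }
        return null;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate cert = clientCert(req);
        if (cert == null) {
            // The session id may itself be null if the connector does not expose it.
            LOG.warning("No client certificate: remote=" + req.getRemoteAddr()
                    + " tlsSession=" + req.getAttribute(SESSION_ID_ATTR));
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The filter would be mapped to the protected paths in the webapp's web.xml; it does not address why the certificate goes missing, only how the application reacts when it does.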
