tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Firefox SSL with APR - losing client certificate
Date Sat, 08 Aug 2015 12:33:16 GMT

David,

On 8/7/15 11:37 AM, David Balažic wrote:
> I use tomcat 6.0.44 with APR on Windows x64. I set up
> SSLVerifyClient="optional" and since then encounter the following
> problem with Firefox 39.0.03 (IE works OK):
> 
> On first access Firefox shows the client certificate selection
> dialog. I select a certificate and continue. The web application
> "sees" the selected certificate and shows a proper response page.
> But on next access (I click a link) the client certificate is not
> visible to the application any more. It gets null from the method
> call
> HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate")
>
> Google found https://bz.apache.org/bugzilla/show_bug.cgi?id=37869
> (similar) and http://grokbase.com/t/tomcat/users/102pdv412y
> "[Tomcat-users] Client certificate gone after 1 minute timeout (SSL,
> APR)" (even more similar, except for me it fails on next access
> without a minute of waiting). As suggested in the second link,
> clearing cache and authentication in the browser is a workaround
> that works. Kind of, as one has to select the certificate again and
> do it before every click on a link.
> 
> Strange, just now it worked fine for a few minutes.
> 
> Is this some known issue?
> 
> Without APR, using JSSE, it works fine (and did so for years).
> 
> This started after upgrading yesterday tomcat from 6.0.35_x64 (no
> APR) to apache-tomcat-6.0.44-windows-x64.zip (with or without
> APR). I start tomcat from Eclipse, using JRE 1.6.0_45  (each 64 bit
> version).
> 
> Firefox version 39.0, today updated to 39.0.3
> 
> The Connector line from server.xml:
> 
> <Connector SSLCACertificateFile="C:/CA_list.pem" 
> SSLCertificateFile="C:/key_public.pem" 
> SSLCertificateKeyFile="C:/key_private.pem" SSLEnabled="true"
> SSLPassword="changeit" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" 
> SSLVerifyClient="optional" URIEncoding="UTF-8" maxThreads="150"
> port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
> scheme="https" secure="true" />

Quick question: this is with Tomcat only and no httpd out in front, right?

-chris