tomcat-users mailing list archives

From David Balažic <david.bala...@comtrade.com>
Subject RE: Firefox SSL with APR - losing client certificate
Date Thu, 17 Sep 2015 19:06:45 GMT
Anyone with experience debugging SSL issues (with APR or from Firefox/Chrome side)?

David Balažic


> -----Original Message-----
> From: David Balažic [mailto:david.balazic@comtrade.com]
> Sent: 10. September 2015 14:58
> To: users@tomcat.apache.org
> Subject: RE: Firefox SSL with APR - losing client certificate
> Importance: Low
> 
> Reported as Bug 58244 - two way SSL loses client certificate after a few
> requests
> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=58244
> 
> 
> David Balažic
> 
> > -----Original Message-----
> > From: David Balažic
> > Sent: 7. August 2015 17:38
> > To: users@tomcat.apache.org
> > Subject: Firefox SSL with APR - losing client certificate
> > Importance: Low
> >
> > Hi!
> >
> > I use tomcat 6.0.44 with APR on Windows x64.
> > I set up SSLVerifyClient="optional" and since then encounter the following
> > problem with Firefox 39.0.03 (IE works OK):
> >
> > On first access Firefox shows the client certificate selection dialog. I select a
> > certificate and continue. The web application "sees" the selected certificate
> > and shows a proper response page.
> > But on next access (I click a link) the client certificate is not visible to the
> > application any more. It gets null from the method call
> > HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate")
> >
> > Google found https://bz.apache.org/bugzilla/show_bug.cgi?id=37869
> > (similar)
> > And http://grokbase.com/t/tomcat/users/102pdv412y " [Tomcat-users]
> > Client certificate gone after 1 minute timeout (SSL, APR)"
> > (even more similar, except for me it fails on next access without a minute of
> > waiting)
> > As suggested in the second link, clearing cache and authentication in the
> > browser is a workaround that works. Kind of as one has to select the
> > certificate again and do it before every click on a link.
> >
> > Strange, just now it worked fine for a few minutes.
> >
> > Is this some known issue?
> >
> > Without APR, using JSSE, it works fine (and did so for years).
> >
> > This started after upgrading yesterday tomcat from 6.0.35_x64 (no APR) to
> > apache-tomcat-6.0.44-windows-x64.zip (with or without APR).
> > I start tomcat from Eclipse, using JRE 1.6.0_45  (each 64 bit version).
> >
> > Firefox version 39.0, today updated to 39.0.3
> >
> > The Connector line from server.xml:
> >
> > <Connector SSLCACertificateFile="C:/CA_list.pem"
> >     SSLCertificateFile="C:/key_public.pem"
> >     SSLCertificateKeyFile="C:/key_private.pem"
> >     SSLEnabled="true" SSLPassword="changeit"
> >     SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
> >     SSLVerifyClient="optional" URIEncoding="UTF-8" maxThreads="150"
> >     port="8443"
> >     protocol="org.apache.coyote.http11.Http11AprProtocol"
> >     scheme="https"
> >     secure="true" />
> >
> >
> > Regards,
> > David Balažic
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
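
An added example, not part of the thread or of Tomcat's code: a servlet filter that logs, per request, the TLS session id, cipher and client-certificate presence, so the point where `javax.servlet.request.X509Certificate` becomes null can be lined up with TLS session changes. The class name, logger name and the `/secure/` prefix are assumptions; `javax.servlet.request.ssl_session` is Tomcat's attribute name and may be null on some connectors.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added diagnostic example (hypothetical class), Servlet 2.5 / Java 6 compatible.
public class ClientCertTraceFilter implements Filter {
    private static final Logger LOG = Logger.getLogger("tls.clientcert");
    // Attribute queried in the message above.
    static final String CERT = "javax.servlet.request.X509Certificate";
    static final String CIPHER = "javax.servlet.request.cipher_suite";
    // Tomcat's attribute for the TLS session id; may be null on some connectors.
    static final String SESSION = "javax.servlet.request.ssl_session";
    // Assumption: paths under this prefix require a client certificate.
    static final String PROTECTED_PREFIX = "/secure/";

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain next)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT);
        boolean hasCert = certs != null && certs.length > 0;
        String subject = hasCert ? certs[0].getSubjectX500Principal().getName() : "-";
        // One line per request, so a missing certificate can be compared
        // against the TLS session id seen on the earlier requests.
        LOG.info(String.format("uri=%s tlsSession=%s cipher=%s cert=%s subject=%s",
                req.getRequestURI(), req.getAttribute(SESSION),
                req.getAttribute(CIPHER), hasCert, subject));
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (!hasCert && path.startsWith(PROTECTED_PREFIX)) {
            // "optional" lets the handshake succeed without a certificate,
            // so the application has to refuse the request itself.
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }
        next.doFilter(rq, rs);
    }
}
```

Register it with a `<filter>` and `<filter-mapping>` for `/*` in the web application's `web.xml`.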

