tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: Question related to mutual authentication
Date Thu, 09 Nov 2017 10:02:14 GMT
On 8 November 2017 21:09:11 GMT+00:00, Nicolas Therrien <Nicolas.Therrien@airbus-dscomm.com>
wrote:

<snip/>

>My understanding is that when "certificateVerification" is set to
>"required", the server would perform the same verification as the
>client does, that is:
>
>1) Verify the incoming certificate is signed by an authority that is
>part of the local truststore.

Correct.

>2) Verify that the incoming certificate's common name matches the
>hostname of the peer we are communicating with.

Incorrect.

The client cert is intended to prove the identity of the user, not the host they happen to
be using.

Mark

