From: bugzilla@apache.org
To: tomcat-dev@jakarta.apache.org
Subject: DO NOT REPLY [Bug 38553] New: - Wrong HTTP code for failed CLIENT-CERT authentication
Date: Tue, 7 Feb 2006 16:54:17 +0100 (CET)

http://issues.apache.org/bugzilla/show_bug.cgi?id=38553

           Summary: Wrong HTTP code for failed CLIENT-CERT authentication
           Product: Tomcat 5
           Version: 5.0.28
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connector:Coyote
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: axianx@gmail.com

server.xml:
===========
I set clientAuth to "want"

tomcat-user.xml:
================
I create a role and a user with the SSL certificate metadata

web.xml:
========
For a private URL on my website, I create a security constraint like this one:

App /protected.jsp tomcat CONFIDENTIAL CLIENT-CERT tomcat

My results: (I try to access the restricted JSP-Page)
===========
1) When there is the RIGHT client certificate in the browser keystore:
   it works :-)

2) When there is the WRONG client certificate I get:
   HTTP Status 401 - Cannot authenticate with the provided credentials
   (this is ok, too)

3) When there is NO client certificate I get:
   HTTP Status 400 - No client certificate chain in this request
   400 usually stands for a bad request or bad syntax.

The Bug:
========
In case 3 I expect to get HTTP Status 401.
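
An added example, not part of the original report and not Tomcat's own code: a Python check of the web.xml setup the report describes, confirming that the CLIENT-CERT login method is paired with a CONFIDENTIAL transport guarantee and a declared role. The XML element layout is an assumption reconstructed from the Servlet deployment descriptor, since the archived mail kept only the values; `WEB_XML` and `audit_client_cert` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml. The values are the ones quoted in the report; the
# element layout is an assumption based on the Servlet deployment descriptor,
# because the archived mail lost the markup.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>App</web-resource-name>
      <url-pattern>/protected.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
  <security-role><role-name>tomcat</role-name></security-role>
</web-app>"""

def audit_client_cert(xml_text):
    """Return a list of findings for a CLIENT-CERT protected web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop any xmlns prefix so the
        el.tag = el.tag.split("}")[-1]          # paths below match real files
    findings = []
    method = (root.findtext("login-config/auth-method") or "").strip()
    if method != "CLIENT-CERT":
        findings.append(f"auth-method is {method or 'missing'}, not CLIENT-CERT")
    declared = {r.text.strip() for r in root.findall("security-role/role-name") if r.text}
    for sc in root.findall("security-constraint"):
        urls = [u.text.strip() for u in sc.findall("web-resource-collection/url-pattern") if u.text]
        label = ",".join(urls) or "(no url-pattern)"
        if sc.find("auth-constraint") is None:
            findings.append(f"{label}: no auth-constraint, so no authentication is enforced")
        for role in (r.text.strip() for r in sc.findall("auth-constraint/role-name") if r.text):
            if role != "*" and role not in declared:
                findings.append(f"{label}: role {role} not declared in security-role")
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if tg != "CONFIDENTIAL":
            findings.append(f"{label}: transport-guarantee is {tg or 'missing'}")
    return findings

if __name__ == "__main__":
    print(audit_client_cert(WEB_XML) or "no findings")
```
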