tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 61394] NIO/NIO2 + OpenSSL renegotiation doesn't send list of CAs to user agent
Date Wed, 09 Aug 2017 15:27:09 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61394

--- Comment #5 from George Stanchev <stanchev@hotmail.com> ---
I don't mean to derail the discussion but we implement a trust-all manager
thats gets injected from the connector attrobutes:

public class AnyCertX509TrustManager implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] certs, String auth) {}
    public void checkServerTrusted(X509Certificate[] certs, String auth) {}
    public X509Certificate[] getAcceptedIssuers() { return new
X509Certificate[0]; }
}

In case of OpenSSL setup, would the proposed approach to send the accepted
issuers as [0] sized array of certs mean "trust-all" to OpenSSL or "trust-none"

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message