From: Indunil Rathnayake
Date: Thu, 1 Feb 2018 17:59:41 +0530
Subject: Mutual SSL client certificate validation (Key Usage and Extended Key Usage) in tomcat server
To: dev@tomcat.apache.org

Hi,

I have configured a Tomcat connector for handling requests for a particular servlet and have configured a trust store for the connector.

Does anyone know whether Tomcat handles validation of the "Key Usage" and "Extended Key Usage" extensions in client certificates? And how is it handled through Tomcat (is it through the Tomcat connector)?

Appreciate your help on this.

Thanks and Regards
--
Indunil Rathnayake
Faculty of Information Technology
University of Moratuwa.