Hello all,
I have upgraded the Tomcat version from 9.0.85 to 9.0.86 (and tried with 9.0.87
too).
Some of our tests which involve on mutual authentication
("certificateVerification = optional") have started to fail.
In tests where the client does pass the certificate, I didn't see any SSL
handshake errors (with SSL handshake debugging enabled) but
"javax.servlet.request.X509Certificate" attribute wasn't set. This is the
attribute the application needs for further validations.
Could anyone please give pointers on how to debug this further?
Any code pointers where Tomcat sets this
"javax.servlet.request.X509Certificate" attribute?
Also, one more question - with optional certificate verification, the
connection doesn't fail if certificate is not passed. But connection will fail
if SSL handshake fails when a certificate is passed by client, is that correct
understanding?
Thanks,
Amit
