I've just tested 9.0.x and mutual TLS authentication appears to be working as expected.

I suggest starting with testing a simple JSP that echoes that attribute and if you still see the issue, provide us with your configuration. Note that the issue may be related to the certs you are using so the configuration information should include steps to recreate the TLS certs with keystore, OpenSSL or similar.

On 15/03/2024 00:48, Amit Pande wrote:
> Hello all,
>
> I have upgraded the Tomcat version from 9.0.85 to 9.0.86 (and tried with 9.0.87 too).
>
> Some of our tests which involve mutual authentication ("certificateVerification = optional") have started to fail.
>
> In tests where the client does pass the certificate, I didn't see any SSL handshake errors (with SSL handshake debugging enabled) but the "javax.servlet.request.X509Certificate" attribute wasn't set. This is the attribute the application needs for further validations.

Have you confirmed that the certificate was sent from the client?

> Could anyone please give pointers on how to debug this further?
>
> Any code pointers where Tomcat sets this "javax.servlet.request.X509Certificate" attribute?

git clone
grep

> Also, one more question - with optional certificate verification, the connection doesn't fail if a certificate is not passed. But the connection will fail if the SSL handshake fails when a certificate is passed by the client, is that a correct understanding?

Yes, that is what I would expect.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
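
One way to write the simple JSP suggested in the reply above, as an added example that is not part of the original thread or of Tomcat's own code. The file name `certecho.jsp` is an assumption, and the page uses the `javax.servlet` attribute names that apply to Tomcat 9.

```jsp
<%@ page contentType="text/plain; charset=UTF-8" session="false"
         import="java.security.cert.X509Certificate" %><%
    // Added diagnostic page (hypothetical name: certecho.jsp), not Tomcat code.
    // Output is text/plain so that client-controlled DN strings are never
    // interpreted as HTML by the browser.
    out.println("secure       : " + request.isSecure());
    out.println("cipher suite : "
            + request.getAttribute("javax.servlet.request.cipher_suite"));
    out.println("key size     : "
            + request.getAttribute("javax.servlet.request.key_size"));

    Object attr = request.getAttribute("javax.servlet.request.X509Certificate");

    if (attr == null) {
        // With certificateVerification="optional" this is the expected result
        // when the client sent no certificate; the handshake still succeeds.
        out.println("client cert  : attribute not set");
    } else if (!(attr instanceof X509Certificate[])) {
        // The Servlet specification defines the attribute as X509Certificate[];
        // anything else points at a filter or valve replacing it.
        out.println("client cert  : unexpected type " + attr.getClass().getName());
    } else {
        X509Certificate[] chain = (X509Certificate[]) attr;
        out.println("client cert  : chain of " + chain.length);
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = chain[i];
            out.println("  [" + i + "] subject : "
                    + c.getSubjectX500Principal().getName());
            out.println("      issuer  : "
                    + c.getIssuerX500Principal().getName());
            out.println("      serial  : " + c.getSerialNumber().toString(16));
            out.println("      valid   : " + c.getNotBefore()
                    + " to " + c.getNotAfter());
        }
    }
%>
```

Requesting the page once with and once without a client certificate separates the two cases discussed in the thread: a missing attribute on a request that did present a certificate is the behaviour to report, together with the connector configuration and the steps used to create the certificates.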
