https://bz.apache.org/bugzilla/show_bug.cgi?id=58244
--- Comment #16 from Mark Thomas <ma...@apache.org> ---
Created attachment 33578
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=33578&action=edit
Potential patch if OpenSSL decide this is a WONTFIX

Working around this in Tomcat is quite simple. It does mean the full chain is only available on the initial connection. Subsequent connections only get the user cert. That is probably sufficient for most use cases. Where that isn't sufficient, the app can always cache the chain in the session. Another option is for the CLIENT-CERT authenticator to cache the chain in the session.

I'm following this up with the OpenSSL folks. If it is indeed a WONTFIX then we can apply this patch or something along these lines.
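
The comment above mentions that an application can cache the chain in the session. One way to do that is sketched below as an added example; it is not the attached patch and not Tomcat code. The class name, the session key and the `example.clientCertChain` request attribute are hypothetical, and the filter assumes the `javax.servlet` API and that the container exposes the client certificate first in the standard request attribute.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class ClientCertChainCacheFilter implements Filter {
    // Standard Servlet attribute: client certificate first, then its issuers.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Hypothetical names chosen for this example.
    private static final String CACHE_KEY = "example.cachedClientCertChain";
    private static final String RESOLVED_ATTR = "example.clientCertChain";

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain next)
            throws IOException, ServletException {
        Object attr = req.getAttribute(CERT_ATTR);
        if (req instanceof HttpServletRequest && attr instanceof X509Certificate[]
                && ((X509Certificate[]) attr).length > 0) {
            HttpServletRequest http = (HttpServletRequest) req;
            X509Certificate[] chain = (X509Certificate[]) attr;
            if (chain.length > 1) {
                // Initial connection: the full chain is present, so remember it.
                http.getSession(true).setAttribute(CACHE_KEY, chain.clone());
            } else {
                // Later connection: only the user cert was supplied.
                HttpSession session = http.getSession(false);
                Object cached = (session == null) ? null : session.getAttribute(CACHE_KEY);
                // Reuse the cached chain only when its leaf is the very
                // certificate presented on this connection.
                if (cached instanceof X509Certificate[]
                        && ((X509Certificate[]) cached)[0].equals(chain[0])) {
                    chain = ((X509Certificate[]) cached).clone();
                }
            }
            // Application code reads the best available chain from here.
            http.setAttribute(RESOLVED_ATTR, chain);
        }
        next.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The leaf comparison keeps a cached chain from being attached to a request that presented a different certificate under the same session ID.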