[Bug 64353] New: Add support for accessing server certificate from TLS context

bugzilla Wed, 15 Apr 2020 05:52:12 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=64353


            Bug ID: 64353
           Summary: Add support for accessing server certificate from TLS
                    context
           Product: Tomcat 10
           Version: 10.0.0-M4
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ------

Based on this discussion:
https://www.mail-archive.com/[email protected]/msg134872.html

There should be an option to access the used server certificate from the
current request being served by one TLS context. As easy as:
request.getAttribute("magic_name")
Return would be, similar to client certs, X509Certificate or X509Certificate[].

This requires these changes (non-exhaustive):
* SSLSupport implementations
* Define a new property in SSLSupport and org.apache.catalina.Globals for the
server cert
* org.apache.catalina.util.TLSUtil.isTLSRequestAttribute(String) and its
callers
* org.apache.coyote.AbstractProcessor.populateSslRequestAttributes() to add new
attribute to the request
* SSLValve to read server cert from reverse proxy, CGI var SSL_SERVER_CERT
* AJP and friends to deliver this piece of information

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 64353] New: Add support for accessing server certificate from TLS context

Reply via email to