This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 89604f3fab Add note that optionalNoCA disables OCSP
89604f3fab is described below
commit 89604f3fab0b308f2f3ae31272b386cddb816096
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Oct 2 10:16:22 2023 +0100
Add note that optionalNoCA disables OCSP
---
webapps/docs/config/http.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 9cbab65964..96a37d3baa 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1198,7 +1198,8 @@
<code>optionalNoCA</code> if you want client certificates to be optional
and you don't want Tomcat to check them against the list of trusted CAs.
If the TLS provider doesn't support this option (OpenSSL does, JSSE does
- not) it is treated as if <code>optional</code> was specified. A
+ not) it is treated as if <code>optional</code> was specified. If
+ <code>optionalNoCA</code> is configured then OCSP will also be disabled.
<code>none</code> value (which is the default) will not require a
certificate chain unless the client requests a resource protected by a
security constraint that uses <code>CLIENT-CERT</code>
authentication.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
