This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new c5604099a9 Add note that optionalNoCA disables OCSP
c5604099a9 is described below
commit c5604099a941f66b74b65bd2ec150c41077dcc35
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Oct 2 10:16:22 2023 +0100
Add note that optionalNoCA disables OCSP
---
webapps/docs/config/http.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 30101b80d8..a38e3ed4ec 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1223,7 +1223,8 @@
<code>optionalNoCA</code> if you want client certificates to be optional
and you don't want Tomcat to check them against the list of trusted CAs.
If the TLS provider doesn't support this option (OpenSSL does, JSSE does
- not) it is treated as if <code>optional</code> was specified. A
+ not) it is treated as if <code>optional</code> was specified. If
+ <code>optionalNoCA</code> is configured then OCSP will also be disabled.
<code>none</code> value (which is the default) will not require a
certificate chain unless the client requests a resource protected by a
security constraint that uses <code>CLIENT-CERT</code>
authentication.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
