This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 0432bf7561 Add note that optionalNoCA disables OCSP
0432bf7561 is described below
commit 0432bf756102f4fd3cfdf1fadbb7448ec208090f
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Oct 2 10:16:22 2023 +0100
Add note that optionalNoCA disables OCSP
---
webapps/docs/config/http.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 1bdc7f8c1a..cc64907ee9 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1298,7 +1298,8 @@
<code>optionalNoCA</code> if you want client certificates to be optional
and you don't want Tomcat to check them against the list of trusted CAs.
If the TLS provider doesn't support this option (OpenSSL does, JSSE does
- not) it is treated as if <code>optional</code> was specified. A
+ not) it is treated as if <code>optional</code> was specified. If
+ <code>optionalNoCA</code> is configured then OCSP will also be disabled.
<code>none</code> value (which is the default) will not require a
certificate chain unless the client requests a resource protected by a
security constraint that uses <code>CLIENT-CERT</code>
authentication.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
