This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new b78b5bf2f0 Add note that optionalNoCA disables OCSP
b78b5bf2f0 is described below
commit b78b5bf2f02af31cb85427c59cc23d062fcfd562
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Oct 2 10:16:22 2023 +0100
Add note that optionalNoCA disables OCSP
---
webapps/docs/config/http.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index d205ca7ef0..d856f40aa3 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1331,7 +1331,8 @@
<code>optionalNoCA</code> if you want client certificates to be optional
and you don't want Tomcat to check them against the list of trusted CAs.
If the TLS provider doesn't support this option (OpenSSL does, JSSE does
- not) it is treated as if <code>optional</code> was specified. A
+ not) it is treated as if <code>optional</code> was specified. If
+ <code>optionalNoCA</code> is configured then OCSP will also be disabled.
<code>none</code> value (which is the default) will not require a
certificate chain unless the client requests a resource protected by a
security constraint that uses <code>CLIENT-CERT</code>
authentication.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
