----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files.  Don't make us guess your problem!!!
----------------------------------------------------------------

Victor Granic wrote:
>
> Hello.
> 
> I'm attempting to authenticate clients connecting to my Web server using X.509
> certificates.  Here is what I have installed:
> 
> Apache 1.3.6
> OpenSSL 0.9.3
> Apache Jserv 1.1
> 
> running on:
> Solaris 7 (sparc)
> 
> SSL is working and servlets are working, but when I try to access the client
> cert with the following code, I receive null for the cipherSuite:
> 
>     public void service(HttpServletRequest req, HttpServletResponse res)
>     throws ServletException, IOException
>     {
>         String msg = "<PRE>";
> 
>         // Get the Cipher Suite in use
>         String cipherSuite = (String) req.getAttribute("java.net.ssl.cipher_suite");
>         msg += "Cipher Suite: " + cipherSuite + "\n";
> 
>         // Get the client's certificate if there are any
>         if (cipherSuite != null) {
>             X509Certificate certChain[] =
>                 (X509Certificate[]) req.getAttribute("java.net.ssl.peer_certificates");
>             if (certChain != null) {
>                 for (int i = 0; i < certChain.length; i++) {
>                     msg += "Client Certificate " + i + ":\n";
>                     msg += certChain[i].toString() + "\n";
>                 }
>             }
>         }
>         // write the message to the output stream
>         ServletOutputStream out = res.getOutputStream();
>         out.print(msg);
>         out.close();
>     }
> 
> Pointers, code, URLs or anything else that moves me in the direction of
> getting this working would be hugely appreciated.

Hi Victor,

This is an Apache mod_ssl/apache-ssl issue.
The SSL modules authenticate the user's cert (with a CA verify depth
variable, from strict to permissive), and export the result to JServ
(in ajpv12) as 2 environment variables: SSL_CLIENT_DN and SSL_CLIENT_IDN.
(This could change in the next version, as I have found a bug in
mod_jserv with Ben-SSL: see below.)

Your servlet can just get these variables and decide what to do with
them.

Jean-Luc

Bug: SSL_CLIENT_IDN does not exist in Ben-SSL.
I'll put back the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN variable names
instead ASAP.
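
Added example, not part of either message and not JServ or mod_ssl code: one way a servlet could "decide what to do" with the subject and issuer DN values (the reply's SSL_CLIENT_S_DN and SSL_CLIENT_I_DN) once it has them as strings. It assumes the values arrive in OpenSSL's one-line `/C=../O=../CN=..` form; how the servlet reads them from the request is not stated in the thread and is not shown. The class name, `TRUSTED_ISSUER` and the sample DNs are constructed.

```java
import java.util.ArrayList;
import java.util.List;

public class ClientDnCheck {
    // Constructed value: exact issuer DN of the one CA this application accepts.
    static final String TRUSTED_ISSUER = "/C=CA/O=Example Corp/CN=Example Client CA";

    /** Split "/C=CA/O=Example Corp/CN=alice" into ordered {type, value} pairs. */
    static List<String[]> parseDn(String dn) {
        if (dn == null || !dn.startsWith("/")) {
            throw new IllegalArgumentException("not a one-line DN");
        }
        List<String[]> rdns = new ArrayList<>();
        for (String part : dn.substring(1).split("/")) {
            int eq = part.indexOf('=');
            if (eq <= 0) {
                // A '/' inside a value makes this format ambiguous: fail closed.
                throw new IllegalArgumentException("ambiguous component: " + part);
            }
            rdns.add(new String[] { part.substring(0, eq), part.substring(eq + 1) });
        }
        return rdns;
    }

    /** Return the CN to treat as the user name, or null to deny access. */
    static String authorize(String subjectDn, String issuerDn) {
        // Compare the whole issuer DN; a substring test could match an O= or OU= value.
        if (subjectDn == null || !TRUSTED_ISSUER.equals(issuerDn)) {
            return null; // no client cert presented, or issued by another CA
        }
        String cn = null;
        try {
            for (String[] rdn : parseDn(subjectDn)) {
                if (rdn[0].equals("CN")) {
                    if (cn != null) return null; // more than one CN: refuse to guess
                    cn = rdn[1];
                }
            }
        } catch (IllegalArgumentException e) {
            return null;
        }
        return (cn == null || cn.isEmpty()) ? null : cn;
    }

    public static void main(String[] args) {
        System.out.println(authorize("/C=CA/O=Example Corp/CN=alice", TRUSTED_ISSUER));
        System.out.println(authorize("/C=CA/O=Other Org/CN=alice", "/C=CA/O=Other CA/CN=Other"));
        System.out.println(authorize("/C=CA/O=Example Corp/CN=alice/CN=admin", TRUSTED_ISSUER));
    }
}
```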

