That does help. It would be wise to file a bug asking for the ability to use SSL renegotiation to allow application logic to provide a custom HTTP response.
https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty&format=guided

--
Joakim Erdfelt <[email protected]>
webtide.com <http://www.webtide.com/>
Developer advice, services and support from the Jetty & CometD experts
eclipse.org/jetty - cometd.org

On Thu, Mar 14, 2013 at 10:16 AM, Juan Calero <[email protected]> wrote:

> I resolved that in Tomcat by changing the SSL renegotiation handshake option
> from Required to Optional. Unfortunately, this was not an option or
> parameter, so I had to override some classes involved in SSL renegotiation.
> This way, if the client didn't have any certificate (or he cancelled
> certificate selection) I still could get the request and control that case
> (redirecting to a custom page, etc.)
>
> I tried something similar in Jetty 9, but AFAIK SSL renegotiation is not
> implemented.
> I tried adding a new SSL handshake in ClientCertAuthenticator and it works
> (calling SSLEngine.setWantClientAuth(true) and
> SSLEngine.beginHandshake), but the renegotiation is not working right and
> fails half of the time. I explained it here:
> http://dev.eclipse.org/mhonarc/lists/jetty-users/msg03093.html
>
> Hope it helps.
>
> On 14/03/2013 17:53, Joakim Erdfelt wrote:
>
>> That would be a bit tough...
>>
>> As you need to establish a proper SSL connection in order to even talk
>> HTTP.
>> If the SSL connection fails, there's no HTTP exchange, hence no way to
>> respond.
>>
>> --
>> Joakim Erdfelt <[email protected]>
>>
>> On Thu, Mar 14, 2013 at 9:49 AM, Maarten Koopmans
>> <[email protected]> wrote:
>>
>>     Hi,
>>
>>     I have an SSL-protected application (client certificates) in Jetty
>>     8, where I do some custom logic with client certificates from the
>>     application layer.
>>
>>     Is there a way to propagate and catch the errors like SSL
>>     handshakes etc. to the application/war, so I can provide
>>     user-friendly feedback to my end users?
>>
>>     A typical error case:
>>     1- REST client tries to connect with client certificate
>>     2- SSL error, say we don't have the CA in our trust chain
>>     3- blurb follows
>>
>>     I'd like to catch 2 so I can "massage" 3. Is there a way to write
>>     a filter/handler/whatnot/... to do this?
>>
>>     Any thoughts, pointers or feedback greatly appreciated!
>>
>>     Thanks,
>>
>>     Maarten
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
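
The application-layer half of the "Optional" client-certificate approach discussed in this thread, as an added example that is not code from any of the posters or from Jetty. It assumes the connector is configured to want rather than need a client certificate (in Jetty, SslContextFactory.setWantClientAuth(true) with setNeedClientAuth(false)); the class name and the "example.clientSubject" attribute are hypothetical. It only covers the case where the handshake completes without a certificate; a handshake that fails outright still leaves no HTTP exchange to respond on, as noted in the thread.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class). Assumes client auth is "wanted", not
// "needed", at the TLS layer, so a client without a certificate still gets
// an HTTP exchange and the decision moves into this filter.
public class ClientCertRequiredFilter implements Filter {
    // Standard servlet attribute: the client chain the container accepted, if any.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (certs == null || certs.length == 0) {
            // No certificate was presented (or selection was cancelled).
            // Answer with a readable error and fail closed.
            HttpServletResponse http = (HttpServletResponse) res;
            http.setStatus(HttpServletResponse.SC_FORBIDDEN);
            http.setContentType("text/plain;charset=UTF-8");
            http.getWriter().println("A client certificate is required for this service.");
            return;
        }
        // certs[0] is the client's own certificate; pass its subject on for
        // the application's authorization logic (attribute name is hypothetical).
        req.setAttribute("example.clientSubject",
                certs[0].getSubjectX500Principal().getName());
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Because the TLS layer no longer rejects certificate-less clients in this mode, the filter has to be mapped in front of every protected path, otherwise unauthenticated requests reach the application.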
