I can't log in to file the bug?

On Mar 14, 2013, at 6:19 PM, Joakim Erdfelt <[email protected]> wrote:

> That does help.
>
> It would be wise to file a bug asking for the ability to use SSL
> renegotiation to allow application logic to provide a custom HTTP response.
>
> https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty&format=guided
>
> --
> Joakim Erdfelt <[email protected]>
> webtide.com
> Developer advice, services and support
> from the Jetty & CometD experts
> eclipse.org/jetty - cometd.org
>
>
> On Thu, Mar 14, 2013 at 10:16 AM, Juan Calero <[email protected]> wrote:
>
> I resolved that in Tomcat changing the SSL renegotiation handshake option
> from Required to Optional. Unfortunately, this was not an option or
> parameter, so I had to override some classes involved in SSL renegotiation.
> This way, if the client didn't have any certificate (or he cancelled
> certificate selection) I still could get the request and control that case
> (redirecting to a custom page, etc.)
>
> I tried something similar in Jetty 9, but AFAIK SSL renegotiation is not
> implemented.
> I tried adding a new SSL handshake in ClientCertAuthenticator and it works
> (calling SSLEngine.setWantClientAuth(true) and SSLEngine.beginHandshake), but
> the renegotiation is not working right and fails half of the time. I
> explained it here:
> http://dev.eclipse.org/mhonarc/lists/jetty-users/msg03093.html
>
> Hope it helps.
>
>
> On 14/03/2013 17:53, Joakim Erdfelt wrote:
>
> That would be a bit tough...
>
> As you need to establish a proper SSL connection in order to even talk HTTP.
> If the SSL connection fails, there's no HTTP exchange, hence no way to
> respond.
>
> --
> Joakim Erdfelt <[email protected]>
>
>
> On Thu, Mar 14, 2013 at 9:49 AM, Maarten Koopmans <[email protected]> wrote:
>
> Hi,
>
> I have an SSL-protected application (client certificates) in Jetty
> 8, where I do some custom logic with client certificates from the
> application layer.
>
> Is there a way to propagate and catch the errors like SSL
> handshakes etc. to the application/war, so I can provide
> user-friendly feedback to my end users?
>
> A typical error case:
> 1- REST client tries to connect with client certificate
> 2- SSL error, say we don't have the CA in our trust chain
> 3- blurb follows
>
> I'd like to catch 2 so I can "massage" 3. Is there a way to write
> a filter/handler/whatnot/... to do this?
>
> Any thoughts, pointers or feedback greatly appreciated!
>
> Thanks,
>
> Maarten
>
> _______________________________________________
> jetty-users mailing list
> [email protected]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
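The "optional instead of required" approach discussed in the thread, sketched as a servlet filter. This is an added example, not code from the thread or from Jetty: the class name `ClientCertFeedbackFilter` is hypothetical, and it assumes the connector is configured to request but not require a client certificate (for example with `SslContextFactory.setWantClientAuth(true)` rather than `setNeedClientAuth(true)`), so a request without a certificate still reaches the application.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter; assumes the connector requests, but does not require, a client certificate. */
public class ClientCertFeedbackFilter implements Filter {
    // Standard Servlet API attribute under which the container exposes the client chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Returns null when the chain is acceptable, otherwise a message for the end user. */
    static String problemWith(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return "No client certificate was presented. Select a certificate and retry.";
        }
        try {
            // Defence in depth: the default JSSE trust manager already rejects expired
            // certificates in the handshake, so this only fires with a custom trust manager.
            chain[0].checkValidity();
        } catch (CertificateException e) { // expired or not yet valid
            return "Your client certificate is outside its validity period.";
        }
        return null;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain next)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (!request.isSecure()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS is required.");
            return;
        }
        String problem = problemWith((X509Certificate[]) request.getAttribute(CERT_ATTR));
        if (problem != null) {
            // Fail closed: the request never reaches the protected resource.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, problem);
            return;
        }
        next.doFilter(req, res);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

With want-mode and the default trust manager, a client that does send a certificate the trust store rejects still fails the TLS handshake, so only the "no certificate presented" case reaches this filter. Because authentication is no longer enforced by the connector, every protected path has to sit behind the filter.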
