Re: Upgrade to Tomcat 4.1.12 - WARNING: Exception getting SSL attributes

[Remy Maucherat]

Francisco Queiros Pinto wrote:
> Hi,
> 
> I've just upgraded Tomcat 4.1.10 to 4.1.12.
> When trying a secure connection, the browser asks me to
> accept the server certificate and seems to achieve it.
> However, contrary to the previous version, now the server
> generates the following error:
> 
>  (catalina.out) 
> WARNING: Exception getting SSL attributes
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at 
> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275) 
> 
> at 
> org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118) 
> 
> ...
> 
> 
> To see if there was anything wrong with the old certificate
> I've created a new certificate with:
> 
>keytool -genkey -alias tomcat -keyalg RSA
> 
> and started tomcat again. However, as previously, the browser
> still seems to open a secure connection with the server, but
> the server error still persists.
> 
> Is this a bug or a feature related with a security vulnerability
> in the previous version?

No, it's a warning that gets printed out although it shouldn't 
(basically, the connector tries to get the client certificate although 
client cert is not used). It has little ill effects except a performance 
decrease because the traces are printed out.

It is already fixed in CVS, and will be fixed in the next release.

Remy


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Upgrade to Tomcat 4.1.12 - WARNING: Exception getting SSL attributes

[Francisco Queiros Pinto]

Hi,

I've just upgraded Tomcat 4.1.10 to 4.1.12.
When trying a secure connection, the browser asks me to
accept the server certificate and seems to achieve it.
However, contrary to the previous version, now the server
generates the following error:

 (catalina.out) 
WARNING: Exception getting SSL attributes
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
 at 
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
 at 
org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
...


To see if there was anything wrong with the old certificate
I've created a new certificate with:

keytool -genkey -alias tomcat -keyalg RSA

and started tomcat again. However, as previously, the browser
still seems to open a secure connection with the server, but
the server error still persists.

Is this a bug or a feature related with a security vulnerability
in the previous version?

Anyone had similar problems?
Regards,

-- 
Francisco


--
To unsubscribe, e-mail:   
For additional commands, e-mail: