On Mon, 17 Sep 2001, GOMEZ Henri wrote:
> Date: Mon, 17 Sep 2001 23:03:36 +0200
> From: GOMEZ Henri <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: RE: SSL Attributes
>
> >Even in the 2.2 spec, this was required to be an array of certificates.
> >
> >What did Tomcat 3.2 do? If 3.2 does it right, this would seem to be a
> >regression.
>
> TC 3.2 also have it like a string and it's bad.
> I'm strongly to have TC 3.3 handling as indicated by SPEC.
>
> >> Cheers
> >>
> >> Jean-frederic
> >>
> >> Note:
> >> javax.servlet.cert.X509Certificate is in JSSE.
> >> java.servlet.cert.X509Certificate is in JDK (even in 1.2.2).
> >>
> >
> >Not only that, the JSSE version doesn't even inherit from the
> >JDK version
> >:-(. When using JSSE (i.e. in Tomcat stand-alone) you have to
> >convert the
> >certificates manually.
>
> I've got question not really well covered in spec.
> When you got the X509Certificate, you got the certificate
> presented by Browser ? So only one certificate isnt'it ?
>
> That's currently what mod_ssl present :)
>
JSSE presents the entire client certificate chain, with the first one in
the chain being the cerftificate of the client itself, followed by the
certificate of the CA that vouches for the client cert, and so on.
Craig
