billbarker    2004/03/18 22:26:41

  Modified:    util/java/org/apache/tomcat/util/net/jsse JSSE14Support.java
  Log:
  If using clientAuth="want", then don't change it to "need" when requesting the cert for CLIENT-CERT auth.
  
  About the only thing that this allows is the ability to send back an error page if the client chooses not to send a cert.
  
  Revision  Changes    Path
  1.8       +6 -1      jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java
  
  Index: JSSE14Support.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- JSSE14Support.java        24 Feb 2004 08:50:05 -0000      1.7
  +++ JSSE14Support.java        19 Mar 2004 06:26:41 -0000      1.8
  @@ -27,6 +27,7 @@
   import javax.net.ssl.HandshakeCompletedEvent;
   import javax.net.ssl.HandshakeCompletedListener;
   import javax.net.ssl.SSLException;
  +import javax.net.ssl.SSLPeerUnverifiedException;
   import javax.net.ssl.SSLSession;
   import javax.net.ssl.SSLSocket;
   
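Review bot: the added import of javax.net.ssl.SSLPeerUnverifiedException is not referenced by anything else this patch changes; the only other change is in handShake(), which neither catches nor declares it. If no other code in the file uses the class, drop the import, or add the handling it was meant for in the same commit.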
  @@ -58,7 +59,11 @@
       }
   
       protected void handShake() throws IOException {
  -        ssl.setNeedClientAuth(true);
  +        if( ssl.getWantClientAuth() ) {
  +            logger.debug("No client cert sent for want");
  +        } else {
  +            ssl.setNeedClientAuth(true);
  +        }
           synchronousHandshake(ssl);
       }
   
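Review bot: in handShake(), the debug message "No client cert sent for want" is emitted before synchronousHandshake(ssl) runs and on every call where ssl.getWantClientAuth() is true, so it states an outcome that is not known at that point. Reword it to say that client auth stays at "want" and is not upgraded to "need", or move the log after the handshake once the peer certificates have been checked. Because the handshake can now complete without a client certificate, a short comment on the want branch should also say that the caller must treat a missing certificate as a failed CLIENT-CERT authentication.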
  
  
  
