billbarker 2004/03/18 22:26:41 Modified: util/java/org/apache/tomcat/util/net/jsse JSSE14Support.java Log: If using clientAuth="want", then don't change it to "need" when requesting the cert for CLIENT-CERT auth. About the only thing that this allows is the ability to send back an error page if the client chooses not to send a cert. Revision Changes Path 1.8 +6 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java
Index: JSSE14Support.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- JSSE14Support.java 24 Feb 2004 08:50:05 -0000 1.7
+++ JSSE14Support.java 19 Mar 2004 06:26:41 -0000 1.8
@@ -27,6 +27,7 @@
 import javax.net.ssl.HandshakeCompletedEvent;
 import javax.net.ssl.HandshakeCompletedListener;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
@@ -58,7 +59,11 @@
 }
 protected void handShake() throws IOException {
- ssl.setNeedClientAuth(true);
+ if( ssl.getWantClientAuth() ) {
+ logger.debug("No client cert sent for want");
+ } else {
+ ssl.setNeedClientAuth(true);
+ }
 synchronousHandshake(ssl);
 }
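Review bot: In the `getWantClientAuth()` branch of handShake() the renegotiation can now complete without a client certificate, so this method no longer enforces anything for CLIENT-CERT and the caller has to treat a missing peer chain as an authentication failure; that contract is not written down anywhere in the hunk. I would add a comment above the `if`, for example `// want mode: handshake may succeed with no client cert; the caller must reject a null/empty peer chain`. The debug text `"No client cert sent for want"` is emitted before `synchronousHandshake(ssl)` runs, so in logs it reads as an outcome when it is really a precondition; `"clientAuth=want: renegotiating without requiring a client cert"` would be less misleading. The `SSLPeerUnverifiedException` import added in the first hunk appears unused by the lines this commit adds (the diffstat is +6 -1 and the other five additions are all in handShake()).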