Hi everybody,
Currently I'm developing a servlet that validates with our OCSP service a
user certificate received from Apache v1.3.29 (with mod_ssl v2.8.16 and
ajp13 workers), but the problem is that I need to extract some data about
the corresponding client certificate chain to build the OCSP request and
I've not been able to obtain this from Tomcat v4.1.30 (with mod_jk v1.2) all
under Linux. I'm pretty sure that it's not a configuration problem because
my servlet is already retrieving additional information from mod_jk (i.e.
the client certificate, cipher, protocol and other SSL_ environment
variables from Apache/mod_ssl).

Anyway, in mod_jk I've tried the following directives:
JkEnvVar SSL_CLIENT_CERT_CHAIN_0 SSL_CLIENT_CERT_CHAIN_0
JkEnvVar SSL_CLIENT_CERT_CHAIN_1 SSL_CLIENT_CERT_CHAIN_1
.
.
etc

And then from my Java servlet:
String chain0 = (String) request.getAttribute("SSL_CLIENT_CERT_CHAIN_0");
// Also tried it like an X509Certificate object
// Variable chain0 appears equal to the string "SSL_CLIENT_CERT_CHAIN_0"

X509Certificate[] cert =
    (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
// Only getting one certificate in the array, the one corresponding to the SSL client
// No certificates from the chain

Finally, I've been browsing through some emails on this list that talk about
performance issues with the cert chain extraction so I don't know if this
feature may be unavailable or something like this.

Thank you in advance for your help, best regards

_______________________
Jesus Luna Garcia
CertiVeR (U.E. Funded Project)
[EMAIL PROTECTED]
http://www.certiver.com
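
An added example, not part of the original post and not mod_jk or Tomcat code: a helper that reads the SSL_CLIENT_CERT_CHAIN_n request attributes as PEM text and treats a value equal to the attribute's own name (the symptom described above; JkEnvVar's second argument is a default value) as "not exported". It assumes Java 8 or later and that mod_ssl exports the chain as PEM (SSLOptions +ExportCertData); the class name, method names and the attribute lookup function are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

public class ClientChainAttributes {
    static final String PREFIX = "SSL_CLIENT_CERT_CHAIN_";

    // attrs stands in for request::getAttribute so the class runs without a servlet container.
    static List<X509Certificate> readChain(Function<String, Object> attrs) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 0; ; i++) {
            String name = PREFIX + i;
            Object value = attrs.apply(name);
            // Stop at the first index that is missing or only carries the JkEnvVar default.
            if (!(value instanceof String) || isPlaceholder(name, (String) value)) {
                return chain;
            }
            byte[] pem = ((String) value).getBytes(StandardCharsets.US_ASCII);
            chain.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pem)));
        }
    }

    // True when the value is empty, echoes the variable name, or carries no PEM certificate.
    static boolean isPlaceholder(String name, String value) {
        String v = value.trim();
        return v.isEmpty() || v.equals(name) || !v.contains("-----BEGIN CERTIFICATE-----");
    }

    public static void main(String[] args) throws CertificateException {
        // Constructed input reproducing the symptom from the post: value equals the name.
        Map<String, Object> attrs = new HashMap<>();
        attrs.put("SSL_CLIENT_CERT_CHAIN_0", "SSL_CLIENT_CERT_CHAIN_0");
        List<X509Certificate> chain = readChain(attrs::get);
        System.out.println("chain certificates parsed: " + chain.size());
    }
}
```

In a servlet, pass `request::getAttribute` as the lookup. An empty result means no chain certificate reached Tomcat, so an OCSP request that needs the issuer certificate cannot be built from the request attributes alone.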

