> -----Mensaje original----- > De: jean-frederic clere [mailto:[EMAIL PROTECTED] > Enviado el: viernes, 08 de octubre de 2004 8:28 > Para: Jesús Luna > Asunto: Re: Problems with SSL_CLIENT_CERT_CHAIN_n from servlet > > > I have not (yet) got it working but the idea to have more httpd variables > available in the servlet sounds a needed feature. >
I agree with you about the need for a new set of variables availables to the servlet application (specially in the case of security!), however I've read the "Java Servlet Specification v2.4" and it looks like the client's certificate chain should be exposed as an attribute in a mandatory way. The correspondent text from section SRV.4.7 "SSL Attributes" follows: "If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate. The order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on." So I still can't figure out why my app can't get them. _______________________ Jesus Luna Garcia CertiVeR (EU Funded Project) [EMAIL PROTECTED] http://www.certiver.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]