(Hi everyone! Here I am again, asking for some help about HTTPS authentication and custom error pages.)

Dear Mr. Bill Barker,

We've used "clientAuth=want" as you suggested, and now we've managed to "know" that a client tried to access the application without a valid certificate. That is OK, and we thank you very much.

But when we try to launch a customized error page, a new error happens. It seems that the connection with the remote browser is broken. Who closed it? When? How? The point is that we can't return our error page...

I've seen that Mr. Alain Baucant has been working with the same problem. Maybe he could help us.

Thanks in advance,
Carlos Guardiola

PS- We've got the stacktrace in our catalina.out; it's quite large, I think I'm gonna send you a shorter one ;-)

ADVERTENCIA: Exception getting SSL Cert
java.net.SocketException: Socket Closed
        at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:177)
        at java.net.Socket.setSoTimeout(Socket.java:924)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(DashoA6275)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:137)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
        at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
        at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1082)
        (....)
(Sysdate) org.apache.tomcat.util.net.jsse.JSSE14Support synchronousHandshake
INFO: SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
        at java.io.InputStream.read(InputStream.java:89)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
        (....)
(Sysdate) org.apache.coyote.http11.Http11Processor action
ADVERTENCIA: Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
        at java.io.InputStream.read(InputStream.java:89)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
        (....)

Here is the access log; it seems that it's trying to get the "Error 400" page...

(client IP) - - [(Sysdate)] "GET /(app. directory)/ HTTP/1.1" 400 45

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On behalf of Bill Barker
Sent: Friday, March 05, 2004 3:20
To: [EMAIL PROTECTED]
Subject: Re: Client authentication and customized error pages

Using clientAuth="true", the error happens too early to be able to invoke an error-page. You might try using clientAuth="want" instead. In this case, the user still gets prompted for a cert, but the request continues if she hits "cancel".
It is then the responsibility of your webapp to handle the case where there is no cert sent.

"Carlos Guardiola" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
>
> Hi everyone!
> I'm using SSL client authentication in a tomcat 5.0.19. Everything goes
> fine, but I need some help customizing error pages.
>
> When a client wants to use my application, the browser asks him to choose
> a valid certificate, but perhaps he hasn't a valid one. If he doesn't
> have a certificate, the client authentication can't be done, so my
> application is never invoked. O.K.
>
> So, the browser shows a "page not found error", which isn't one of my
> application's customized error pages (as my application has never been
> invoked). How can I customize that error page, in order to show
> something like "you need a valid certificate"?
>
> I've created my own ErrorReportValve, used in the
> "errorReportValveClass" directive of the Host in my tomcat's server.xml.
> But it also seems not being invoked...
>
> Any help will be useful, thanks in advance,
>
> Carlos

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
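
Added example, not part of the original thread and not code from any of its participants: one way a webapp can handle the "no cert sent" case that the clientAuth="want" advice leaves to the application, written as a servlet filter. The class name, the `errorPage` init parameter, the `/errors/no-cert.jsp` path and the `clientSubjectDN` attribute are assumptions made for illustration.

```java
// Added example (not from the thread). Assumes the HTTPS connector in
// server.xml uses clientAuth="want"; class name and page path are hypothetical.
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

public class ClientCertFilter implements Filter {
    // Request attribute the Servlet specification defines for the client chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private String errorPage = "/errors/no-cert.jsp"; // hypothetical default
    private FilterConfig config;

    public void init(FilterConfig config) {
        this.config = config;
        String p = config.getInitParameter("errorPage"); // hypothetical parameter
        if (p != null) {
            errorPage = p;
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (certs == null || certs.length == 0) {
            // No certificate was presented: refuse access and render our own page.
            config.getServletContext().log(
                    "No client certificate from " + req.getRemoteAddr());
            ((HttpServletResponse) res).setStatus(HttpServletResponse.SC_FORBIDDEN);
            req.getRequestDispatcher(errorPage).forward(req, res);
            return;
        }
        // certs[0] is the client's own certificate; pass its subject downstream.
        req.setAttribute("clientSubjectDN", certs[0].getSubjectDN().getName());
        chain.doFilter(req, res);
    }

    public void destroy() {
        config = null;
    }
}
```

The filter is declared in web.xml with a `<filter-mapping>` on `/*` and only runs for requests that actually reach the web application. Under the Servlet 2.4 default dispatcher setting a filter is applied to the original request only, so the forward to the error page does not pass through it again.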