(Hi everyone! Here I am again, asking for some help about HTTPS
authentication and custom error pages.)

Dear Mr. Bill Barker,

We've used "clientAuth=want" as you suggested; and now we've managed to
"know" that a client tried to access the application without a valid
certificate. That is OK, and we thank you very much.

But when we try to launch a customized error page, a new error happens. It
seems that the connection with the remote browser is broken. Who closed it?
When? How? The point is that we can't return our error page...

I've seen that Mr. Alain Baucant has been working with the same problem.
Maybe he could help us.

Thanks in advance,

Carlos Guardiola


PS-

We've got the stack trace in our catalina.out; it's quite large, I think I'm
gonna send you a shorter one ;-)

ADVERTENCIA: Exception getting SSL Cert
java.net.SocketException: Socket Closed
        at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:177)
        at java.net.Socket.setSoTimeout(Socket.java:924)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(DashoA6275)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:137)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
        at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
        at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1082)
(....)
(Sysdate) org.apache.tomcat.util.net.jsse.JSSE14Support synchronousHandshake
INFO: SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
        at java.io.InputStream.read(InputStream.java:89)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
(....)
(Sysdate) org.apache.coyote.http11.Http11Processor action
ADVERTENCIA: Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
        at java.io.InputStream.read(InputStream.java:89)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
(....)

Here is the access log; it seems that it's trying to get the "Error 400"
page...

(client IP) - - [(Sysdate)] "GET /(app. directory)/ HTTP/1.1" 400 45

 

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On behalf of Bill Barker
Sent: Friday, March 05, 2004 3:20
To: [EMAIL PROTECTED]
Subject: Re: Client authentication and customized error pages

Using clientAuth="true", the error happens too early to be able to invoke an
error-page.  You might try using clientAuth="want" instead.  In this case,
the user still gets prompted for a cert, but the request continues if she
hits "cancel".  It is then the responsibility of your webapp to handle the
case where there is no cert sent.

"Carlos Guardiola" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> Hi everyone!
> I'm using SSL client authentication in a Tomcat 5.0.19. Everything goes
> fine, but I need some help customizing error pages.
>
> When a client wants to use my application, the browser asks him to choose
> a valid certificate, but perhaps he hasn't a valid one. If he doesn't
> have a certificate, the client authentication can't be done, so my
> application is never invoked. O.K.
>
> So, the browser shows a "page not found error", which isn't one of my
> application's customized error pages (as my application has never been
> invoked). How can I customize that error page, in order to show
> something like "you need a valid certificate"?
>
> I've created my own ErrorReportValve, used in the
> "errorReportValveClass" directive of the Host in my Tomcat's server.xml.
> But it also seems not to be invoked...
>
> Any help will be useful, thanks in advance,
>
> Carlos




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
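
Bill Barker's reply above leaves the missing-certificate case to the webapp when `clientAuth="want"` is used. As an added example (not code from this thread or from Tomcat), a servlet filter can check the standard `javax.servlet.request.X509Certificate` request attribute and forward to a custom page; the class name `RequireClientCertFilter`, the `errorPage` init parameter and the path `/errors/need-cert.jsp` are assumptions.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: the class name and the error page path are assumptions.
public class RequireClientCertFilter implements Filter {

    // Request attribute defined by the Servlet specification for the
    // certificate chain the client presented on an SSL connection.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    private String errorPage = "/errors/need-cert.jsp"; // assumed path in the webapp

    public void init(FilterConfig config) {
        String configured = config.getInitParameter("errorPage");
        if (configured != null) {
            errorPage = configured;
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Object attr = req.getAttribute(CERT_ATTR);
        boolean hasCert = attr instanceof X509Certificate[]
                && ((X509Certificate[]) attr).length > 0;

        if (!hasCert) {
            // No certificate was sent (for example the user hit "cancel"):
            // answer with 403 and render the application's own page.
            ((HttpServletResponse) res).setStatus(HttpServletResponse.SC_FORBIDDEN);
            req.getRequestDispatcher(errorPage).forward(req, res);
            return;
        }
        // A chain is present; the connector's trust store already accepted
        // it during the SSL handshake, so let the request through.
        chain.doFilter(req, res);
    }

    public void destroy() {
    }
}
```

Map the filter in `web.xml` to the protected URLs. It only covers requests that reach the webapp, so it does not change the closed-socket behaviour shown in the trace above.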


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to