Markus wrote: > Mark: > Thank you for your link to the archive. It was my fault using the > UserDatabase realm > instead of the MemoryRealm. I'm, using tomcat 5.0.28 - is it still the > case in 5.5.x > that you MUST use the MemoryRealm for clientcert authentication?
All realms should work with CLIENT-CERT. If they don't file a bug report and I'll look into it. > 3) When there is NO client certificate I get: > > HTTP Status 400 - No client certificate chain in this request > > 400 usually stands for a bad request or bad syntax. I believe in this case 401 > should be the appropriate reply. Hmm. I guess this could be debatable. > Is there any way to adjust the HTTP Status code for failed client-cert > authentication? No configuration option. I suspect it would require code changes. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]