On 23/08/2013 12:28, Ja kub wrote:
> Thx for response,
> 
> Will it be developed in next releases of tomcat 7?

There are currently no plans to do so.

> Or it won't because
> there is no such need, and such issues should be handled some other way?

It is simply a case that, to date, no one has wanted to solve this
problem. Enhancement requests may be added to Bugzilla.  As always,
enhancement requests with patches tend to get implemented a lot faster
than those without.

Mark


> If some other way is recommended, then how should such functionality be
> handled?
> 
> Regards
> Jakub
> 
> 
> On Fri, Aug 23, 2013 at 1:09 PM, Mark Thomas <ma...@apache.org> wrote:
> 
>> On 23/08/2013 11:02, Ja kub wrote:
>>> Hello
>>>
>>> I use https with client cert authentication
>>>
>>> <Connector protocol="...Http11NioProtocol"  SSLEnabled="true"
>>>     scheme="https" secure="true" clientAuth="true" sslProtocol="TLS"
>>>     keystoreFile="...jks" key..Pass="..." keystoreType="JKS"
>>>     truststoreFile="...jks" trust..Pass=".."
>>>  />
>>>
>>> AccessLogValve cannot be placed in service, only in engine (host, context),
>>> but if client has bad/untrusted cert or no cert at all, possibly connector
>>> doesn't pass him to engine and to AccessLogValve.
>>>
>>> How can I log such access attempts with tomcat ?
>>
>> Out of the box there is no way to do this.
>>
>> There are a couple of ways you might do this with some custom code.
>>
>> You could implement a custom trust manager that logged failures although
>> even then, the trust manager doesn't have access to the connection so
>> you can't log IP address and the like.
>>
>> You could also modify the Tomcat connector code. All the endpoints
>> trigger the handshake and then immediately disconnect if the handshake
>> fails. It should be possible to log those failures although getting
>> those entries into the access log would be a little trickier but not too
>> bad looking at the source.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 
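
The first option suggested in the thread, a custom trust manager that logs failures, sketched here as an added example; it is not code from the thread or from Tomcat. The class name `LoggingTrustManager` and the `forTrustStore` helper are hypothetical, and installing it into the connector is not shown.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical wrapper: delegates every decision to the standard JSSE trust manager.
public final class LoggingTrustManager implements X509TrustManager {
    private static final Logger LOG = Logger.getLogger(LoggingTrustManager.class.getName());
    private final X509TrustManager delegate;
    public LoggingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
    // Wraps the default trust manager built from the given trust store (e.g. the JKS file).
    public static LoggingTrustManager forTrustStore(KeyStore trustStore)
            throws java.security.GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return new LoggingTrustManager((X509TrustManager) tm);
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            delegate.checkClientTrusted(chain, authType);
        } catch (CertificateException e) {
            // Only certificate details are available here, not the peer address.
            LOG.warning("Rejected client certificate: " + describe(chain) + " reason=" + e.getMessage());
            throw e; // always rethrow so the handshake still fails
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    // Certificate fields are attacker-controlled, so control characters are stripped before logging.
    static String describe(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) return "<no certificate>";
        String s = "subject=\"" + chain[0].getSubjectX500Principal().getName() + "\" issuer=\""
                + chain[0].getIssuerX500Principal().getName() + "\" serial=" + chain[0].getSerialNumber().toString(16);
        return s.replaceAll("\\p{Cntrl}", "?");
    }
}
```

A client that sends no certificate at all has no chain to validate, so this hook may never be called for that case.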

