-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David,
On 8/7/15 11:37 AM, David Balažic wrote: > I use tomcat 6.0.44 wit APR on Windows x64. I set up > SSLVerifyClient="optional" and since then encounter the following > problem with Firefox 39.0.03 (IE works OK): > > On first access Firefox shows the client certificate selection > dialog. I select a certificate and continue. The web application > "sees" the selected certificate and show a proper response page. > But on next access (I click a link) the client certificate is not > visible to the application any more. It gets null from the method > call > HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate ") > > Goggole found https://bz.apache.org/bugzilla/show_bug.cgi?id=37869 > (similar) And http://grokbase.com/t/tomcat/users/102pdv412y " > [Tomcat-users] Client certificate gone after 1 minute timeout (SSL, > APR)" (even more similar, except for me it fails on next access > without a minute of waiting) As suggested in the second link, > clearing cache and authentication in the browser is a workaround > that works. Kind of as one has to select the certificate again and > do it before every click on a link. > > Strange, just now it worked fine for a few minutes. > > Is this some known issue? > > Without APR, using JSSE, it works fine (and did so for years). > > This started after upgrading yesterday tomcat from 6.0.35_x64 (no > APR) to apache-tomcat-6.0.44-windows-x64.zip (with or without > APR). I start tomcat from Eclipse, using JRE 1.6.0_45 (each 64 bit > version). > > Firefox version 39.0, today updated to 39.0.3 > > The Connector line from server.xml: > > <Connector SSLCACertificateFile="C:/CA_list.pem" > SSLCertificateFile="C:/key_public.pem" > SSLCertificateKeyFile="C:/key_private.pem" SSLEnabled="true" > SSLPassword="changeit" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" > SSLVerifyClient="optional" URIEncoding="UTF-8" maxThreads="150" > port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" > scheme="https" secure="true" /> Quick question: this is with Tomcat only and no httpd out in front, righ t? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVxfcMAAoJEBzwKT+lPKRYSyUQAK+mRJXFuRE2snlnMI+AqkKw R9gDYJ033fCr25ltrrF6a4kft8q4GkjzHyKHiffe6T9iYnSjiZJMNGRwVz/StIqV ri5UQ8DxEg3TjC3x1NLzbyyzkCGaCNT6fUW1esjFehtQbsbvXezDQbLKy+c1UR39 38mjXEaurMnfLt/yCkssoluFRqmToyHbTALBZzcivKo1FkMTDRB/+zL/CbGv+beX Nmse1nt9MNN3s3THAhp8GI3Zd6CHmzYDYBHVMXUol3EA8RexhuKP+tCd4MJ9H1cz /dPG2RxjbXjYKmu27K/n0IBVpzS+IxenT6CVZrwUArB5MqEVcar4OVNqi6N7zDBU dlR9rK5PKWk+EcavINoBTDeA/e5A8gfnjJGcGCXgtNVWYTFcXFztN9KsfWFytmJA +xkrLqg+2KX8Dd/1Ez/3lI2MY/gTLXOdSxDFncloG7jS10D8ccnhnth6c+Ngf1IJ fEQk+SaxHg/Er92/bAGVXoPLDeZk+dIcOnbaBVrncvuGmuXM0q4q/CGgTJSGk3RE BAHd+r8S1nTLfOTYKNSFxk6Lbs5EU2PgCMFa8VFOd1OeM0PrgGwWoqpgbK3NPhw/ PBXa23Fxp9jHUVLtnr6QWn8Wmuq5blKVnkKyMTgSe+gnGLb+TUIHZCTkkoWvsEhg Vy5GFQ2jLYPkGRa46xk2 =h7QZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org