Anyone with experience debugging SSL issues (with APR or from Firefox/Chrome side) ?
David Balažic > -----Original Message----- > From: David Balažic [mailto:david.bala...@comtrade.com] > Sent: 10. September 2015 14:58 > To: users@tomcat.apache.org > Subject: RE: Firefox SSL with APR - losing client certificate > Importance: Low > > Reported as Bug 58244 - two way SSL loses client certificate after a few > requests > > https://bz.apache.org/bugzilla/show_bug.cgi?id=58244 > > > David Balažic > > > -----Original Message----- > > From: David Balažic > > Sent: 7. August 2015 17:38 > > To: users@tomcat.apache.org > > Subject: Firefox SSL with APR - losing client certificate > > Importance: Low > > > > Hi! > > > > I use tomcat 6.0.44 wit APR on Windows x64. > > I set up SSLVerifyClient="optional" and since then encounter the following > > problem with Firefox 39.0.03 (IE works OK): > > > > On first access Firefox shows the client certificate selection dialog. I > > select a > > certificate and continue. The web application "sees" the selected > > certificate > > and show a proper response page. > > But on next access (I click a link) the client certificate is not visible > > to the > > application any more. It gets null from the method call > > HttpServletRequest.getAttribute("javax.servlet.request.X509Certificate") > > > > Goggole found https://bz.apache.org/bugzilla/show_bug.cgi?id=37869 > > (similar) > > And http://grokbase.com/t/tomcat/users/102pdv412y " [Tomcat-users] > > Client certificate gone after 1 minute timeout (SSL, APR)" > > (even more similar, except for me it fails on next access without a minute > of > > waiting) > > As suggested in the second link, clearing cache and authentication in the > > browser is a workaround that works. Kind of as one has to select the > > certificate again and do it before every click on a link. > > > > Strange, just now it worked fine for a few minutes. > > > > Is this some known issue? > > > > Without APR, using JSSE, it works fine (and did so for years). > > > > This started after upgrading yesterday tomcat from 6.0.35_x64 (no APR) to > > apache-tomcat-6.0.44-windows-x64.zip (with or without APR). > > I start tomcat from Eclipse, using JRE 1.6.0_45 (each 64 bit version). > > > > Firefox version 39.0, today updated to 39.0.3 > > > > The Connector line from server.xml: > > > > <Connector SSLCACertificateFile="C:/CA_list.pem" > > SSLCertificateFile="C:/key_public.pem" > > SSLCertificateKeyFile="C:/key_private.pem" > > SSLEnabled="true" SSLPassword="changeit" > > SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" > > SSLVerifyClient="optional" URIEncoding="UTF-8" maxThreads="150" > > port="8443" > > protocol="org.apache.coyote.http11.Http11AprProtocol" > > scheme="https" > > secure="true" /> > > > > > > Regards, > > David Balažic > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
