http://issues.apache.org/bugzilla/show_bug.cgi?id=35229

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |

------- Additional Comments From [EMAIL PROTECTED]  2005-12-09 21:46 -------
OK, here comes a proposal:

1) in org.apache.coyote.http11.Http11Processor.action() in

    ...
    } else if (actionCode == ActionCode.ACTION_REQ_SSL_CERTIFICATE) {
        if( sslSupport != null) {
            /*
             * Consume and buffer the request body, so that it does not
             * interfere with the client's handshake messages
             */
            InputFilter[] inputFilters = inputBuffer.getFilters();
            ((BufferedInputFilter) inputFilters[Constants.BUFFERED_FILTER])
                .setLimit(maxSavePostSize);
            inputBuffer.addActiveFilter
                (inputFilters[Constants.BUFFERED_FILTER]);
            try {
                Object sslO = sslSupport.getPeerCertificateChain(true);
                if( sslO != null) {
                    request.setAttribute
                        (SSLSupport.CERTIFICATE_KEY, sslO);
                }
            } catch (Exception e) {
                log.warn(sm.getString("http11processor.socket.ssl"), e);
                //todo: HERE you need to throw that exception again!
            }
        }

2) in interface org.apache.coyote.ActionHook.action(ActionCode actionCode, Object param)
an exception must be thrown!

3) in org.apache.catalina.authenticator.SSLAuthenticator.authenticate(Request request,
Response response, LoginConfig config), after

    request.getCoyoteRequest().action(
        ActionCode.ACTION_REQ_SSL_CERTIFICATE, null);

in the catch-block put the exception into the request: possibly something like

    request.getCoyoteRequest().setAttribute(
        "SSLAuthenticator-Exception", e);

then return "true"
otherwise, the web-application programmer will never see it.

Then, back in the web-application, we could analyze the exception and display an
appropriate i18n error message.

I guess the challenge will be to make this fail-safe: how do we prevent the negligent
web-application programmer from believing the client cert auth was successful?
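
The fail-safe concern raised in the comment above, as an added example that is not part of the bug comment and is not Tomcat code: a web application treats client-cert auth as successful only when a non-empty certificate chain is present and no error was recorded. It assumes the standard servlet attribute name for the chain and the "SSLAuthenticator-Exception" name proposed in the comment; request attributes are modeled as a plain Map, and the class and method names are hypothetical.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;

public class ClientCertCheck {
    // Standard servlet request attribute that carries the client certificate chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Attribute name proposed in the comment above; an assumption, not an existing Tomcat attribute.
    static final String ERROR_ATTR = "SSLAuthenticator-Exception";

    enum Outcome { AUTHENTICATED, NO_CERTIFICATE, HANDSHAKE_FAILED }

    // Fail closed: success requires positive evidence (a non-empty chain),
    // never merely the absence of an error attribute.
    static Outcome evaluate(Map<String, Object> attrs) {
        // A recorded error wins even if a certificate attribute is also present.
        if (attrs.get(ERROR_ATTR) instanceof Throwable) {
            return Outcome.HANDSHAKE_FAILED;
        }
        Object chain = attrs.get(CERT_ATTR);
        if (chain instanceof X509Certificate[] && ((X509Certificate[]) chain).length > 0) {
            return Outcome.AUTHENTICATED;
        }
        return Outcome.NO_CERTIFICATE;
    }

    public static void main(String[] args) {
        // Constructed sample: the handshake failed and authenticate() stored the exception.
        Map<String, Object> failed = new HashMap<>();
        failed.put(ERROR_ATTR, new IOException("constructed: handshake failure"));

        // Constructed sample: nothing was stored (a negligent check for "no error" would pass this).
        Map<String, Object> empty = new HashMap<>();

        // Constructed sample: attribute present but the chain is empty.
        Map<String, Object> emptyChain = new HashMap<>();
        emptyChain.put(CERT_ATTR, new X509Certificate[0]);

        System.out.println("error stored : " + evaluate(failed));
        System.out.println("no attributes: " + evaluate(empty));
        System.out.println("empty chain  : " + evaluate(emptyChain));
    }
}
```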