Mark,
On 15.11.2015 13:42, Mark Thomas wrote:
* SSLTest also reports that APR/native does not serve full certificate
chain; instead, it serves only server certificate. The same APR config
serves full chain with Tomcat 8.0.28 + Native 1.2.2, so it seems to be a
regression. Not serving full chain might be a problem for some clients
-- browsers will probably work, but other clients may fail to establish
TLS connection.
Hmm. I'm sure this was working at one point. I'll retest it.
Tomcat 8 docs lists APR Connector attribute "SSLCertificateChainFile"
[1]. Tomcat 9 docs, does not list such attribute (neither in "SSL
Support - SSLHostConfig", "SSL Support - Certificate" nor "SSL Support -
Connector - APR/Native (deprecated)"). I also check the class
SSLHostConfigCertificate, and couldn't find a field for the chain.
-Ognjen
[1]
http://tomcat.apache.org/tomcat-8.0-doc/config/http.html#SSL_Support_-_APR/Native
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
