https://bz.apache.org/bugzilla/show_bug.cgi?id=63894
Bug ID: 63894
Summary: SLHostConfig certificateVerification="optionalNoCA" certificateVerificationDepth="6" doesn't work
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: jfcl...@gmail.com
Target Milestone: -----

When trying to set certificateVerification="optionalNoCA" certificateVerificationDepth="6" in SSLHostConfig, I have noted that verification is always 2 and the depth 10.

Basically I printed it in SSL_callback_SSL_verify() in native/src/sslutils.c and I don't get the optionalNoCA nor 6.

According to my traces:

    In sslcontext.c setVerify level 3 depth 6
    In SSL.c setVerify Level: 1 DeptH: 10
    In SSL.c setVerify Level: 1 DeptH: 10

So the value is set properly and later overwritten twice :-(

My configuration is:

    <Connector port="8443" protocol="HTTP/1.1"
               maxThreads="150" SSLEnabled="true">
      <SSLHostConfig certificateVerification="optionalNoCA"
                     certificateVerificationDepth="6"
                     caCertificateFile="/etc/pki/CA/cacert.pem">
        <Certificate certificateKeyFile="/home/jfclere/NOTES/APACHECONNA2019/httpdssl/jfcpc_newkey.pem"
                     certificateFile="/home/jfclere/NOTES/APACHECONNA2019/httpdssl/jfcpc_newcert.pem"
                     certificateKeyPassword="adelina"
                     type="RSA" />
      </SSLHostConfig>
    </Connector>