rmaucher commented on PR #888: URL: https://github.com/apache/tomcat/pull/888#issuecomment-3252717521
Ok so this needs some work (if this is done like that at least for OpenSSL, then definitely it should not be creating a second SSLContext), cleanup and testing, but ok. Thanks for testing that OpenSSL can work that way, it's easy. No idea about JSSE. Ultimately, I still think Tomcat should be processing the client hello, find client supported groups, see what cert types are configured, and send to the appropriate SSLContext. This gives more control, but it's a lot more complex (we need group configuration, but here we clearly don't). But I would say we can integrate this "hack" (although maybe it's not a hack, time will tell) for now. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
