Hello all, I posted a question in the user forum asking about a way to avoid one problem derived from using a XML for the configuration of the server. Somehow it may not be the place to post it, because it is more based on the development of the server (may be an issue) than the configuration of it. The question was the following:
"In order to secure communications between a browser and the web server I'm using tomcat with a SSL connector. This connector takes the server certificate from a Smartcard (so I'm using a PKCS11 keystore type). The problem is that, as I'm accessing it in Windows, I have to link it to a dll file, and this causes troubles. I have found a little but really annoying one. When accessing the Smartcard, java can take all keys, but then alias name is not, for example, "tomcat" but "tomcat\0" (where \0 is the char 0). I suppose this is because the dll uses pchar or something like this. So, when I configure Tomcat to use keyalias="tomcat", it cannot find it (internally, what the keystore contains is "tomcat\0"). I'm forced to not specify a keyalias so it uses the first one in the card. But I cannot assure the first one is the one tomcat has to use (it is possible someone is going to import more certificates in the card in the future). Is there a way to avoid the \0 problem? (XML does not allow to specify this character)" I've been reading the code of Tomcat 5.5.25, and I've found in class JSSE14SocketFactory (line 110) what I think is the code used to access to the key with the alias specified. What I propose is one of the following: 1.- Allow a mask in the attribute value (like \0, \1, \2...) to specify special characters (this substrings would be replace in the code that reads the attribute). 2.- Allow the access to a key by its position in the keystore. In the project I'm working just now, I need something like this urgently, so I'll have to do it myself, but I will not be able to update Tomcat without studying and aplying this patch again. I let to your consideration the possibility of implementing this (I think it is simple enough to not generate a lot of work) in future versions. Thank you all :)
