https://issues.apache.org/bugzilla/show_bug.cgi?id=49335
--- Comment #2 from Mark Thomas <ma...@apache.org> 2010-05-25 04:20:52 EDT ---
(In reply to comment #1)
> Is it reproducible in 7.0 RC3 only, or in 6.0.x as well?
Both. Given that the mod_jk logs showed that no certificate was being sent,
this is expected.
> Is Tomcat running with 32-bit or 64-bit JRE? Is Tomcat-Native used?
Not relevant. This isn't an AJP connector issue.
> Does this certificate fit into a single AJP packet, along with other request
> headers? Sure that it does fit, because otherwise there must be an error
> logged.
Yes, else a) there would be an error and b) mod_proxy_ajp wouldn't work either.
> What JkOptions directives are used in the configuration?
The bare minimum:
JkWorkersFile conf/workers.properties
JkShmFile logs/mod_jk.shm
JkLogFile logs/mod_jk.log
Non-SSL requests work without issue.
The relevant parts of the SSL virtual host are:
<Location /bugs-tc5/bug37869.jsp >
SSLVerifyClient require
</Location>
This works:
ProxyPass /bugs-tc5/bug37869.jsp ajp://localhost:8009/bugs-tc5/bug37869.jsp
This fails:
JkMount /bugs-tc5/bug37869.jsp worker1
That JSP is configured on the Tomcat side to require SSL, require a specific
client certificate and to display the DN of the supplied cert.
With mod_proxy_ajp everything works.
With mod_jk no certificate is present in the request received by Tomcat. This
has been verified a) bu reviewing the mod_jk logs, b) debugging Tomcat parsing
the AJP request.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
