https://issues.apache.org/bugzilla/show_bug.cgi?id=48208
Luciana Moreira <more...@privasphere.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|WONTFIX |
--- Comment #4 from Luciana Moreira <more...@privasphere.com> 2011-01-31
11:20:59 EST ---
Hello Mark.
I do understand your point. Our application has a particular way of enforcing
client authentication and authorization through an application level
verification of the client certificates.
Opening the possibility for every application to accept any certificates may
not be the best approach and lead to security problems to other applications
that not necessarily will have the same policy as we do. Nevertheless, I did
like your idea of allowing to specify the trustmanager's class.
I have implemented this idea, but I haven't had the time to test this code. But
I believe it should work (famous last words). In any case it gives a good idea
of how to structure the code in a way to allow proprietary TrustManagers.
I have taken the liberty to re-open the bug for your evaluation. I believe this
can be an interesting addition to tomcat.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
