[Bug 56825] AuthenticatorBase not looking for Coyote Request certificate

Wed, 03 Sep 2014 17:18:28 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=56825

Konstantin Kolinko <knst.koli...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #8 from Konstantin Kolinko <knst.koli...@gmail.com> ---
Re-reviewing the changes in Tomcat 7 (revisions r1617447 r1620827 and r1622328
) I have a question.

There exists ActionCode.REQ_SSL_ATTRIBUTE.

The method org.apache.catalina.connector.Request.getAttribute() does

  "if (isSSLAttribute(name))
      coyoteRequest.action(ActionCode.REQ_SSL_ATTRIBUTE, ...)"

This action populates the "javax.servlet.request.X509Certificate" attribute
(aka Globals.CERTIFICATES_ATTR).

I mean that it is effectively equivalent to the new API of using
ActionCode.REQ_SSL_CERTIFICATE with parameter Boolean.FALSE.

> When using Tomcat SSL coyote connector, the request does not by default 
> contain
> the certificate chain under the key javax.servlet.request.X509Certificate
>
> The following coyote action must be invoked in order to extract the 
> certificate
> chain and enrich the request under the right key.

Is the above really true? Why was the old code not working properly? Was all
this fix really needed? Was the new API really needed?

I did the following at tc7.0.x\trunk:
I reverted to the state before those fixes and updated the tests to their
current versions:

svn up -r 1617446
cd test/org/apache/tomcat/util/net
svn up TestClientCert.java
svn up TesterSupport.java

Then I run test.entry=org.apache.tomcat.util.net.TestClientCert test with BIO,
NIO, APR (java.7.home=JDK 7u67).

Results are:
1) With APR the tests were skipped,
 "SKIPPED: SSL renegotiation has to be supported for this test"
2) With BIO and NIO the tests passed.

So it looks like there was no issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to