https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
--- Comment #5 from Mark Thomas ---
I've found the root cause. There were some changes in the build scripts between
1.1.x and 1.2.x that meant OCSP was always enabled. Validation with
optionalNoCA always fails if OCSP is enabled.
I plan to com
https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
--- Comment #4 from Mark Thomas ---
Whatever is going wrong is going wrong in OpenSSL. Don't know where the root
cause is at the moment but the error is:
3648:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify
failed:.\s
https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
--- Comment #3 from Mark Thomas ---
Results of further testing:
The following work:
OSX + Tomcat 9.0.x + OpenSSL 1.0.2h + APR 1.5.2 + tc-native 1.2.x + OSX client
OSX + Tomcat 9.0.x + OpenSSL 1.0.2h + APR 1.5.2 + tc-native 1.2.7 + OSX client
O
https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
--- Comment #2 from Mark Thomas ---
I'm seeing the issue (or something very like it) with 1.2.7 and Tomcat trunk. I
spent a little time looking at the 1.1.x code vs 1.2.x but don't see any
obvious root causes. I plan to do some more investigati
https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
Florian Kleedorfer changed:
What|Removed |Added
OS||All
--- Comment #1 from Florian K
