dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0

Tomcat JSS ignores clientAuth setting #870

Open pki-bot opened 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #299. Originally filed by edewata (@edewata) on 2012-08-16 22:44:28:


Tomcat 7 JSS does not read the clientAuth setting correctly from server.xml.

The code at JSSSocketFactory.java:405-407 will always produce a null value.

```java
// MUST look for "clientauth" (ALL lowercase) since "clientAuth"
// (camel case) has already been processed by Tomcat 7
String clientAuthStr = (String)endpoint.getAttribute("clientauth");
```

The correct way should be:

```java
String clientAuthStr = endpoint.getClientAuth();
```

Note that this change will have a side effect. Previously, when a user opened the EE page via SSL, the server would not prompt for the client certificate. After fixing this, the server will prompt for the client certificate since clientAuth is set to "want".
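The failure mode in this report, as an added example that is not code from the issue or from the Dogtag/Tomcat sources: a lookup that returns null leaves client authentication off without any error, so the sketch reads the typed getter and rejects a missing or unknown value. `Endpoint`, `Mode`, `parse` and `apply` are hypothetical names, the `true`/`want`/`false` value set is assumed from Tomcat's connector documentation, and standard JSSE `SSLEngine` stands in for the JSS socket.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class ClientAuthDemo {
    // Hypothetical stand-in for the connector endpoint (not Tomcat's class): a typed
    // setter consumes "clientAuth", so the generic attribute map never holds it.
    static class Endpoint {
        private String clientAuth = "false";
        private final Map<String, Object> attributes = new HashMap<>();
        void setClientAuth(String v) { clientAuth = v; }
        String getClientAuth() { return clientAuth; }
        Object getAttribute(String name) { return attributes.get(name); }
    }

    enum Mode { NONE, WANT, REQUIRE }

    // Map the setting to a mode. A null or unknown value is an error here,
    // rather than being treated as "no client authentication".
    static Mode parse(String value) {
        if (value == null) throw new IllegalStateException("clientAuth not found");
        switch (value.toLowerCase(Locale.ROOT)) {
            case "true":  return Mode.REQUIRE;
            case "want":  return Mode.WANT;
            case "false": return Mode.NONE;
            default: throw new IllegalArgumentException("unknown clientAuth: " + value);
        }
    }

    static void apply(SSLEngine engine, Mode mode) {
        engine.setUseClientMode(false);
        // The two JSSE flags override each other, so set at most one of them.
        if (mode == Mode.REQUIRE) engine.setNeedClientAuth(true);
        else if (mode == Mode.WANT) engine.setWantClientAuth(true);
    }

    public static void main(String[] args) throws Exception {
        Endpoint endpoint = new Endpoint();
        endpoint.setClientAuth("want"); // constructed value, matching the report
        // The lookup quoted in the report finds nothing in the attribute map.
        System.out.println("getAttribute(\"clientauth\") = " + endpoint.getAttribute("clientauth"));
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        apply(engine, parse(endpoint.getClientAuth()));
        System.out.println("want=" + engine.getWantClientAuth() + " need=" + engine.getNeedClientAuth());
    }
}
```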

pki-bot commented 3 years ago

Comment from edewata (@edewata) at 2017-02-27 14:11:52

Metadata Update from @edewata: