pki-bot / pki-issues-final


Tomcat JSS ignores clientAuth setting #298

Open pki-bot opened 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #299. Originally filed by edewata (@edewata) on 2012-08-16 22:44:28:


Tomcat 7 JSS does not read the clientAuth setting correctly from server.xml.

The code at JSSSocketFactory.java:405-407 will always produce a null value.

// MUST look for "clientauth" (ALL lowercase) since "clientAuth"
// (camel case) has already been processed by Tomcat 7
String clientAuthStr = (String)endpoint.getAttribute("clientauth");

The correct way should be:

String clientAuthStr = endpoint.getClientAuth();

Note that this change will have a side effect. Previously, when a user opened the EE page via SSL, the server would not prompt for the client certificate. After fixing this, the server will prompt for the client certificate, since clientAuth is set to "want".
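Added example, not part of the original issue or the PKI project's code: a small audit of a server.xml that lists each SSL connector's clientAuth value and whether it will start asking for a client certificate once the setting is honored. The sample XML, connector names, ports and the `audit_client_auth` helper are constructed for illustration; the "no prompt before the fix" assumption comes from the issue's description.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the issue: names and ports are made up.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector name="Unsecure" port="8080" protocol="HTTP/1.1"/>
  <Connector name="Secure" port="8443" SSLEnabled="true" clientAuth="want"/>
  <Connector name="Agent" port="8444" SSLEnabled="true" clientAuth="true"/>
  <Connector name="Admin" port="8445" SSLEnabled="true" clientAuth="false"/>
  <Connector name="Odd" port="8446" SSLEnabled="true" clientauth="want"/>
</Service></Server>"""

# Documented Tomcat clientAuth values and what they ask of the client.
EFFECT = {"true": "required", "want": "requested", "false": "none"}


def audit_client_auth(server_xml):
    """List SSL connectors with their clientAuth value and the expected change."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not an SSL connector, clientAuth is irrelevant
        value = conn.get("clientAuth")  # XML attribute names are case-sensitive
        note = ""
        if value is None:
            # Report differently-cased spellings instead of guessing their effect.
            odd = [k for k in conn.attrib if k.lower() == "clientauth"]
            note = "found %r, expected clientAuth" % odd[0] if odd else "not set"
            value = "false"  # Tomcat's documented default
        effect = EFFECT.get(value.lower(), "unrecognized")
        findings.append({
            "port": conn.get("port"),
            "clientAuth": value,
            "effect": effect,
            # Assumption from the issue: unfixed code reads null, so no prompt today.
            "prompts_after_fix": effect in ("requested", "required"),
            "note": note,
        })
    return findings


if __name__ == "__main__":
    for f in audit_client_auth(SAMPLE_SERVER_XML):
        print(f)
```

Connectors reported with `prompts_after_fix` set are the ones whose users will see a certificate prompt after the change, which is the side effect the issue describes for "want".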

pki-bot commented 4 years ago

Comment from edewata (@edewata) at 2017-02-27 14:11:52

Metadata Update from @edewata: