ID | Category | Severity | Reproducibility | Date Submitted | Last Update
0001185 | [Resin] | minor | always | 06-06-06 11:45 | 07-10-06 08:17
Reporter | mattp | View Status | public
Assigned To | ferg
Priority | normal | Resolution | fixed
Status | closed | Product Version | 3.0.14
Summary | 0001185: Client certs handled differently in ISAPI vs. OpenSSL
Description

From the Servlet 2.4 spec: "If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate. The order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on."

When using IIS to terminate SSL and pass the request to Resin through the ISAPI plugin, a client certificate is passed, as expected, in the [0] element of an array in the javax.servlet.request.X509Certificate attribute.

When using OpenSSL and the Resin HTTP server, however, the first element is another array of type java.security.cert.X509Certificate. That is, to get the client certificate, you have to get [0][0] from the request attribute, not [0].
Additional Information

Through IIS:

javax.servlet.request.X509Certificate =
[
[
  Version: V3
  Subject: EMAILADDRESS=mattp@lokitech.com, EMAILADDRESS=mpangaro@lokitech.com, CN=Thawte Freemail Member
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: Sun RSA public key, 2048 bits
  public exponent: 65537
  Validity: [From: Sat Oct 08 15:12:05 EDT 2005, To: Sun Oct 08 15:12:05 EDT 2006]
  Issuer: CN=Thawte Personal Freemail Issuing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
  SerialNumber: [ 0f9ddb]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: mpangaro@lokitech.com, RFC822Name: mattp@lokitech.com]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[ CA:false PathLen: undefined ]
]
  Algorithm: [MD5withRSA]
]

Through OpenSSL:

javax.servlet.request.X509Certificate = [Ljava.security.cert.X509Certificate;@9faafc

And the [0] element of that array =
[
[
  Version: V3
  Subject: EMAILADDRESS=mattp@lokitech.com, EMAILADDRESS=mpangaro@lokitech.com, CN=Thawte Freemail Member
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: Sun RSA public key, 2048 bits
  public exponent: 65537
  Validity: [From: Sat Oct 08 15:12:05 EDT 2005, To: Sun Oct 08 15:12:05 EDT 2006]
  Issuer: CN=Thawte Personal Freemail Issuing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
  SerialNumber: [ 0f9ddb]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: mpangaro@lokitech.com, RFC822Name: mattp@lokitech.com]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[ CA:false PathLen: undefined ]
]
  Algorithm: [MD5withRSA]
]
Notes

(0001268) mattp 06-06-06 12:36
I just verified that this behavior is the same with the latest snapshot and OpenSSL 0.9.8b.
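
Added example (not part of the original report and not Resin's code): application code that authenticates on the client certificate can normalize the two attribute shapes described in this issue and fail closed on anything else, instead of casting blindly. The class and method names are hypothetical, and the method takes the raw value of request.getAttribute(...) so that it runs without the servlet API on the classpath.

```java
import java.security.cert.X509Certificate;

/** Added example: normalizes the attribute shapes described in this report. */
public final class ClientCertAttribute {
    public static final String ATTR = "javax.servlet.request.X509Certificate";

    private ClientCertAttribute() {}

    /**
     * @param attr the value returned by request.getAttribute(ATTR)
     * @return the chain with the client certificate first; empty if none was presented
     */
    public static X509Certificate[] chain(Object attr) {
        if (attr == null) {
            return new X509Certificate[0];        // no client certificate on this request
        }
        if (attr instanceof X509Certificate[]) {
            return (X509Certificate[]) attr;      // shape required by the Servlet 2.4 spec
        }
        if (attr instanceof Object[]) {
            Object[] outer = (Object[]) attr;
            // Nested shape from this report: element [0] is itself the chain.
            if (outer.length > 0 && outer[0] instanceof X509Certificate[]) {
                return (X509Certificate[]) outer[0];
            }
        }
        // Unknown shape: refuse rather than guess which object is the client cert.
        throw new IllegalStateException(
            "unexpected type for " + ATTR + ": " + attr.getClass().getName());
    }

    public static void main(String[] args) {
        // Constructed placeholder values; a real chain would hold parsed certificates.
        X509Certificate[] flat = new X509Certificate[1];
        X509Certificate[][] nested = { flat };

        System.out.println("flat shape accepted:   " + (chain(flat) == flat));
        System.out.println("nested shape accepted: " + (chain(nested) == flat));
        System.out.println("absent cert length:    " + chain(null).length);
        try {
            chain("not a certificate");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```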