Re: [jetty-users] Propagating SSL errors to the application
I resolved that in Tomcat changing the SSL renegotiation handshake
option from Required to Optional. Unfortunately, this was not an option
or parameter, so I had to override some classes involved in SSL
renegotiation.
This way, if the client didn't have any certificate (or he cancelled
certificate selection) I still could get the request and control that
case (redirecting to a custom page, etc.)
I tried something similar in Jetty 9, but AFAIK SSL renegotiation is not
implemented.
I tried adding a new SSL handshake in ClientCertAuthenticator and it
works (calling SSLEngine.setWantClientAuth(true) and
SSLEngine.beginHandshake), but the renegotiation is not working right
and fails half of the time. I explained it here:
http://dev.eclipse.org/mhonarc/lists/jetty-users/msg03093.html
Hope it helps.
On 14/03/2013 17:53, Joakim Erdfelt wrote:
That would be a bit tough...
As you need to establish a proper SSL connection in order to even talk
HTTP.
If the SSL connection fails, there's no HTTP exchange, hence no way to
respond.
--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
On Thu, Mar 14, 2013 at 9:49 AM, Maarten Koopmans
<maarten@xxxxxxxxxxxx> wrote:
Hi,
I have a SSL-protected application (client certificates) in Jetty
8, where I do some custom logic with client certificates from the
application layer.
Is there a way to propagate and catch the errors like SSL
handshakes etc. to the application/war, so I can provide
user-friendly feedback to my end users?
A typical error case:
1- REST client tries to connect with client certificate
2- SSL error, say we don't have the CA in our trust chain
3- blurb follows
I'd like to catch 2 so I can "massage" 3. Is there a way to write
a filter/handler/whatnot/... to do this?
Any thoughts, pointers or feedback greatly appreciated!
Thanks,
Maarten
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
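
The "optional client certificate" approach from the first reply, sketched as a servlet filter. This is an added example, not code from the thread or from Jetty; the class name, the `/no-client-cert.html` page and the `clientCertSubject` attribute are hypothetical. It assumes the TLS connector requests but does not require a certificate (in Jetty 9, `SslContextFactory.setWantClientAuth(true)` with `needClientAuth` left false). It only covers a client that sends no certificate: a certificate that fails trust validation still aborts the handshake before any HTTP request exists.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: gives certificate-less clients a friendly page instead of a TLS failure. */
public class ClientCertFilter implements Filter {
    // Standard servlet attribute under which the container exposes the client chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Hypothetical static page explaining how to install or select a certificate.
    private static final String NO_CERT_PAGE = "/no-client-cert.html";

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String helpUri = request.getContextPath() + NO_CERT_PAGE;

        // Let the help page itself through, otherwise the redirect below would loop.
        if (helpUri.equals(request.getRequestURI())) {
            chain.doFilter(req, res);
            return;
        }

        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        if (certs == null || certs.length == 0) {
            // Handshake succeeded without a client certificate: the application
            // decides what to show. Nothing behind this filter runs unauthenticated.
            response.sendRedirect(helpUri);
            return;
        }

        // certs[0] is the client's own (leaf) certificate; the container's trust
        // manager already validated the chain during the handshake.
        request.setAttribute("clientCertSubject",
                certs[0].getSubjectX500Principal().getName());
        chain.doFilter(req, res);
    }
}
```

Because the connector no longer enforces the certificate, this filter has to be mapped to every protected path; any path it does not cover is reachable without a certificate.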