From e22629e06d029455be06f17e56c9685643d02002 Mon Sep 17 00:00:00 2001 From: remm Date: Mon, 18 Dec 2006 23:16:46 +0000 Subject: [PATCH] - 37869: Also use the SSL_INFO_CLIENT_CERT field if the chain is empty. - Submitted by Grzegorz Grzybek. git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk@488453 13f79535-47bb-0310-9956-ffa450edef68 --- java/org/apache/coyote/http11/Http11AprProcessor.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/java/org/apache/coyote/http11/Http11AprProcessor.java b/java/org/apache/coyote/http11/Http11AprProcessor.java index 8d05ae792..ccb3095f1 100644 --- a/java/org/apache/coyote/http11/Http11AprProcessor.java +++ b/java/org/apache/coyote/http11/Http11AprProcessor.java @@ -1145,6 +1145,15 @@ public class Http11AprProcessor implements ActionHook { ByteArrayInputStream stream = new ByteArrayInputStream(data); certs[i] = (X509Certificate) cf.generateCertificate(stream); } + } else if (certLength == 0) { + byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT); + if (data != null) { + certs = new X509Certificate[1]; + CertificateFactory cf = + CertificateFactory.getInstance("X.509"); + ByteArrayInputStream stream = new ByteArrayInputStream(data); + certs[0] = (X509Certificate) cf.generateCertificate(stream); + } } if (certs != null) { request.setAttribute @@ -1192,6 +1201,15 @@ public class Http11AprProcessor implements ActionHook { ByteArrayInputStream stream = new ByteArrayInputStream(data); certs[i] = (X509Certificate) cf.generateCertificate(stream); } + } else if (certLength == 0) { + byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT); + if (data != null) { + certs = new X509Certificate[1]; + CertificateFactory cf = + CertificateFactory.getInstance("X.509"); + ByteArrayInputStream stream = new ByteArrayInputStream(data); + certs[0] = (X509Certificate) cf.generateCertificate(stream); + } } if (certs != null) { request.setAttribute -- 2.11.0