Bug 53459

Summary: clientAuth="optional" not documented - is it valid?
Product: Tomcat 7
Reporter: Sebb <sebb>
Component: Documentation
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   

Description Sebb 2012-06-23 13:55:53 UTC
The file ssl-howto.xml includes the line

  clientAuth="optional" SSLProtocol="TLSv1"/>

However, the corresponding description of the clientAuth parameter in config/http.xml does not mention "optional" as a possible parameter value, only "true", "false", "want".

The code in util.net.jsse.JSSESocketFactory only checks for "true", "yes" and "want"; AFAICT everything else is treated as "false".

It looks like the entry in ssl-howto.xml is wrong.

Also, perhaps the description in http.xml should include "yes" as an alias for "true".
Comment 1 Mark Thomas 2012-06-25 17:00:37 UTC
JSSE != APR/native as is made clear in the docs.
Comment 2 Mark Thomas 2012-06-25 17:01:56 UTC
Grr. Why is it that the problem becomes obvious the second you hit save changes? "optional" is correct in this case since this is APR but the attribute name is wrong.
Comment 3 Mark Thomas 2012-06-25 19:30:00 UTC
Fixed in trunk and 7.0.x and will be included in 7.0.29 onwards.
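
Added example, not part of the bug report or Tomcat's code: a small configuration check that models the JSSE handling described in the report ("true"/"yes" require a client certificate, "want" requests one, anything else behaves as "false") and flags connectors where a clientAuth value silently results in no client authentication. The function names, the sample server.xml and case-insensitive matching are assumptions; APR/native connectors are not modelled.

```python
import xml.etree.ElementTree as ET

# Values the report says JSSESocketFactory recognises.
# Case-insensitive matching is an assumption of this example.
REQUIRE = {"true", "yes"}
WANT = {"want"}


def jsse_client_auth(value):
    """Return the effective JSSE mode for a clientAuth value."""
    v = (value or "").strip().lower()
    if v in REQUIRE:
        return "require"
    if v in WANT:
        return "want"
    return "none"  # everything else is treated as "false"


def audit_connectors(server_xml):
    """Return one finding per <Connector> that sets clientAuth."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        raw = conn.get("clientAuth")
        if raw is None:
            continue
        mode = jsse_client_auth(raw)
        # An unrecognised value other than "false" means the operator asked
        # for something and silently got no client authentication.
        silent = mode == "none" and raw.strip().lower() != "false"
        findings.append({"port": conn.get("port"), "value": raw,
                         "effective": mode, "silent_downgrade": silent})
    return findings


# Constructed sample configuration (hypothetical ports, not from the report).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" clientAuth="optional" SSLProtocol="TLSv1"/>
  <Connector port="8444" SSLEnabled="true" clientAuth="yes"/>
  <Connector port="8445" SSLEnabled="true" clientAuth="want"/>
  <Connector port="8446" SSLEnabled="true" clientAuth="false"/>
</Service></Server>"""

if __name__ == "__main__":
    for f in audit_connectors(SAMPLE):
        flag = "  <-- treated as false" if f["silent_downgrade"] else ""
        print(f'port {f["port"]}: clientAuth="{f["value"]}" -> {f["effective"]}{flag}')
```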