Bug 53459 - clientAuth="optional" not documented - is it valid?
Summary: clientAuth="optional" not documented - is it valid?
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: Documentation (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2012-06-23 13:55 UTC by Sebb
Modified: 2012-06-25 19:30 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Sebb 2012-06-23 13:55:53 UTC
The file ssl-howto.xml includes the line

  clientAuth="optional" SSLProtocol="TLSv1"/>

However, the corresponding description of the clientAuth parameter in config/http.xml does not mention "optional" as a possible parameter value, only "true", "false", "want".

The code in util.net.jsse.JSSESocketFactory only checks for

"true", "yes" and "want"; AFAICT everthing else is treated as "false".

It looks like the entry in ssl-howto.xml is wrong.

Also, perhaps the description in http.xml should include "yes" as an alias for "true".
Comment 1 Mark Thomas 2012-06-25 17:00:37 UTC
JSSE != APR/native as is made clear in the docs.
Comment 2 Mark Thomas 2012-06-25 17:01:56 UTC
Grr. Why is it that the problem becomes obvious the second you hit save changes? "optional" is correct in this case since this is APR but the attribute name is wrong.
Comment 3 Mark Thomas 2012-06-25 19:30:00 UTC
Fixed in trunk and 7.0.x and will be included in 7.0.29 onwards.