shibboleth-dev - Re: Tomcat and certificate validation for SSL
Subject: Shibboleth Developers
List archive
- From: Tom Scavo <>
- To: Scott Cantor <>
- Cc: Chad La Joie <>,
- Subject: Re: Tomcat and certificate validation for SSL
- Date: Tue, 14 Jun 2005 17:34:53 -0400
On 6/14/05, Scott Cantor wrote:

> > Does the apache-tomcat connector populate this attribute?
>
> Yes.

So if the IdP finds the SP's cert in that attribute, everything is
fine? Does the IdP make any (implicit) assumptions regarding this
cert?

> We used to assume the certificate was valid, leaving it up to mod_ssl.
> Now we don't.

So now the certificate is validated twice? Once by mod_ssl and again
by the new trust validation code in the IdP?

> It strikes me that (and I think Chad's proposal is fine) after all that
> work, it's arguably simpler to just use Apache.

So what was the rationale for embedding trust validation in the IdP?

> Actually, I will argue it,
> and don't imagine I'd have any reason to stop.

That an apache frontend is best? Maybe, but I'm still not convinced...

Tom