Easier access to invalid client certificates #6067
Fix #6067 Protect from null local certificates Signed-off-by: Greg Wilkins <gregw@webtide.com>
This issue has been automatically marked as stale because it has been a |
Jetty version
10.0.x
Description
During the TLS handshake, in case of `needClientAuth`, the client may send an invalid (e.g. expired) certificate.

The validation checks are performed by the `TrustManager` and if they fail there is no way to access the expired client certificate, for example in `SslHandshakeListener.handshakeFailed()`, as it is not exposed via `SSLSession.getPeerCertificate()`, etc.

The only option would be to wrap the `TrustManager`, but that requires subclassing `SslContextFactory.Server` and overriding `getTrustManager()`, whose signature is likely to change in light of #6054.

Would be great to have a more stable way to provide hooks into the `TrustManager` in a simpler way.
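
The wrapping approach the issue mentions, written with JDK types only, as an added example that is not code from the issue or from Jetty. The class name `RejectedClientCertTrustManager` and the `onRejected` callback are hypothetical, and installing the wrapper into the server's SSL context is left out.

```java
import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.function.BiConsumer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;

/** Hypothetical wrapper: delegates every check and reports client chains the delegate rejects. */
public final class RejectedClientCertTrustManager extends X509ExtendedTrustManager {
    private final X509ExtendedTrustManager delegate;
    private final BiConsumer<X509Certificate[], CertificateException> onRejected;

    public RejectedClientCertTrustManager(X509ExtendedTrustManager delegate,
            BiConsumer<X509Certificate[], CertificateException> onRejected) {
        this.delegate = delegate;
        this.onRejected = onRejected;
    }
    private interface Check { void run() throws CertificateException; }

    // Run the delegate's validation; on failure hand the chain to the callback, then rethrow
    // so the handshake still fails exactly as it would without the wrapper.
    private void clientCheck(X509Certificate[] chain, Check check) throws CertificateException {
        try {
            check.run();
        } catch (CertificateException ex) {
            onRejected.accept(chain == null ? new X509Certificate[0] : chain.clone(), ex);
            throw ex;
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
        clientCheck(c, () -> delegate.checkClientTrusted(c, a));
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        clientCheck(c, () -> delegate.checkClientTrusted(c, a, s));
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        clientCheck(c, () -> delegate.checkClientTrusted(c, a, e));
    }
    // Server-certificate checks and accepted issuers pass through untouched.
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        delegate.checkServerTrusted(c, a);
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
        delegate.checkServerTrusted(c, a, s);
    }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException {
        delegate.checkServerTrusted(c, a, e);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

The callback receives a copy of the rejected chain together with the validation exception, so subject, serial number and expiry can be logged for audit while the trust decision stays with the delegate.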