Easier access to invalid client certificates #6067

Open
sbordet opened this issue Mar 17, 2021 · 3 comments

sbordet commented Mar 17, 2021

Jetty version
10.0.x

Description
During the TLS handshake, in case of needClientAuth, the client may send an invalid (e.g. expired) certificate.
The validation checks are performed by the TrustManager and if they fail there is no way to access the expired client certificate, for example in SslHandshakeListener.handshakeFailed(), as it is not exposed via SSLSession.getPeerCertificate(), etc.

The only option would be to wrap the TrustManager, but that requires subclassing SslContextFactory.Server and overriding getTrustManager(), whose signature is likely to change in light of #6054.

Would be great to have a more stable way to provide hooks into the TrustManager in a simpler way.

gregw added a commit that referenced this issue Mar 22, 2021
Fix #6067 Protect from null local certificates

Signed-off-by: Greg Wilkins <gregw@webtide.com>
@github-actions

This issue has been automatically marked as stale because it has been a
full year without activity. It will be closed if no further activity occurs.
Thank you for your contributions.

@github-actions github-actions bot added the Stale For auto-closed stale issues and pull requests label Mar 18, 2022
@sbordet sbordet removed the Stale For auto-closed stale issues and pull requests label Mar 18, 2022
@github-actions github-actions bot added the Stale For auto-closed stale issues and pull requests label Mar 19, 2023
@sbordet sbordet removed the Stale For auto-closed stale issues and pull requests label Mar 19, 2023
@github-actions github-actions bot added the Stale For auto-closed stale issues and pull requests label Mar 19, 2024
@sbordet sbordet added Help Wanted and removed Stale For auto-closed stale issues and pull requests labels Mar 19, 2024