New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Want" two-way-ssl not containing SSL-Certificate is not checkable due to contract violation [SPR-16842] #21382

spring-issuemaster opened this Issue May 18, 2018 · 2 comments


None yet
2 participants
Copy link

spring-issuemaster commented May 18, 2018

Henning Vogt opened SPR-16842 and commented

If two-way-ssl is on "want" mode (as opposed to the stricter "need"), and client does not deliver a certificate, getSslInfo() does not work, since init method fails:

java.lang.IllegalArgumentException: No SSL certificates
	at org.springframework.util.Assert.notNull(
	at org.springframework.http.server.reactive.DefaultSslInfo.<init>(
	at org.springframework.http.server.reactive.ServletServerHttpRequest.initSslInfo(
	at org.springframework.http.server.reactive.AbstractServerHttpRequest.getSslInfo(

...but according to the description, it's supposed to work:

 * Return the SSL session information if the request has been transmitted
 * over a secure protocol including SSL certificates, if available.
 * @return the session information, or \{@code null} if none available
 * @since 5.0.2 */
 @Nullable default SslInfo getSslInfo() \{ return null; }


Affects: 5.0.5

Issue Links:

  • #21050 With two-way-ssl exchange.getRequest().getSslInfo() always null

Referenced from: commits 1e4a3a2, a158ff4


This comment has been minimized.

Copy link

spring-issuemaster commented May 18, 2018

Rossen Stoyanchev commented

What would you expect in this case, null SslInfo, or SslInfo with null peerCertificates?


This comment has been minimized.

Copy link

spring-issuemaster commented May 22, 2018

Henning Vogt commented

I'd expect null SslInfo, that's how I interpreted the documentation on first reading.

returning an Optional could make sense, too, but that would change the interface a bit too much, I think.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment