Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correctly handle optional client auth on the client #567

Merged
merged 2 commits into from
Aug 22, 2023
Merged

Correctly handle optional client auth on the client #567

merged 2 commits into from
Aug 22, 2023

Conversation

normanmaurer
Copy link
Member

Motivation:

When client auth is optional we must not fail the handshake on the client side when no keymanager was configured on the client side.

Modifications:

  • Fix handling on the client-side
  • Add testcase
  • Fix test

Result:

Fixes #566

@normanmaurer
Correctly handle optional client auth on the client
688fd10 
Motivation:

When client auth is optional we must not fail the handshake on the client side when no keymanager was configured on the client side.

Modifications:

- Fix handling on the client-side
- Add testcase
- Fix test

Result:

Fixes #566
@normanmaurer normanmaurer added this to the 0.0.50.Final milestone Aug 21, 2023
@normanmaurer normanmaurer mentioned this pull request Aug 21, 2023
Closed
ramidzkh
ramidzkh reviewed Aug 21, 2023
View reviewed changes
...c-classes-quic/src/main/java/io/netty/incubator/codec/quic/BoringSSLCertificateCallback.java Outdated
@@ -102,8 +102,7 @@ long[] handle(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals,

try {
if (keyManager == null) {
engineMap.remove(ssl);
return null;
return new long[] { 0, 0 };
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if there is a keyManager but it doesn't contain applicable valid key for the requested issuers (selectKeyMaterialClientSide below returning null)?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch... fixing as we speak

@normanmaurer
Copy link
Member Author

@ramidzkh PTAL again

ramidzkh
ramidzkh approved these changes Aug 22, 2023
View reviewed changes
Copy link

@ramidzkh ramidzkh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also fixes my example in #566

@normanmaurer normanmaurer merged commit bd4fd4a into main Aug 22, 2023
@normanmaurer normanmaurer deleted the auth_optional branch August 22, 2023 06:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ramidzkh ramidzkh ramidzkh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.0.50.Final
Development

Successfully merging this pull request may close these issues.

Optional client authentication throws SSLHandshakeException
2 participants
@normanmaurer @ramidzkh