jetty / jetty.project

Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more
https://eclipse.dev/jetty

How Do I Use the Jetty Client to Connect to the IIS Web Server of the two-way authentication? #12447

Closed xiaoma0513 closed 2 weeks ago

xiaoma0513 commented 2 weeks ago

Jetty version(s)

Jetty Environment

Java version/vendor (use: java -version)

OS type/version

Description: Our Jetty client is used to send requests to the IIS web server. The SSL settings of the IIS web server are configured with "require".

However, the client does not receive the Handshake Protocol: Certificate Request message during the handshake process.

Therefore, the client does not send the identity certificate to the IIS web server. As a result, the server authentication fails. The server error code is 403.7.

When we run the curl command to request the IIS web server and specify the identity certificate,

Like this: curl --cert server.cer --pass: keypass --key server_key.pem -H "Content-Type: application/json" -X GET "https://1.1.1.1:443/XXX"

the client still does not receive the Handshake Protocol: Certificate Request, but the IIS web server receives the identity certificate from the client. When we capture and analyze the data packets, we do not see the packets in which the client sends the certificate.


We tried to use Python to send a request with the certificate. The result is the same as that of the curl command line: the server does not request the certificate and the client does not send it, but the server still obtains the certificate information of the client.

How to reproduce?

sbordet commented 2 weeks ago

Sorry, but this is not a Jetty issue, but likely an IIS issue.

The Jetty client cannot force the send of the client certificate if the server does not request it. This is controlled by the OpenJDK TLS implementation, and there is nothing that Jetty can do.
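The behaviour described in this answer can be checked directly, without Jetty or IIS, with a loopback TLS handshake. The following is an added example (not code from the issue or from the Jetty project); it assumes the `openssl` binary is on PATH and that loopback sockets are available, and it generates throwaway self-signed certificates on the fly. The client is fully configured with a certificate in both runs; only the server's decision to request one changes whether the certificate is ever sent.

```python
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def _selfsigned(directory, name):
    # Throwaway self-signed key pair, constructed on the fly; assumes `openssl` is on PATH.
    key, crt = (os.path.join(directory, f"{name}.{ext}") for ext in ("key", "crt"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", key,
                    "-out", crt, "-subj", f"/CN={name}", "-days", "1"],
                   check=True, capture_output=True)
    return crt, key


def client_cert_seen(server_requests_cert: bool) -> bool:
    """One loopback handshake; True if the server ended up holding a client certificate."""
    with tempfile.TemporaryDirectory() as d:
        srv_crt, srv_key = _selfsigned(d, "server")
        cli_crt, cli_key = _selfsigned(d, "client")
        srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        srv_ctx.load_cert_chain(srv_crt, srv_key)
        if server_requests_cert:
            # Only this makes the server emit CertificateRequest during the handshake.
            srv_ctx.verify_mode = ssl.CERT_REQUIRED
            srv_ctx.load_verify_locations(cli_crt)
        else:
            srv_ctx.verify_mode = ssl.CERT_NONE  # server never asks, like the IIS in the issue
        listener = socket.socket()
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        seen = {}

        def serve():
            raw, _ = listener.accept()
            with srv_ctx.wrap_socket(raw, server_side=True) as tls:  # handshake happens here
                seen["peer"] = tls.getpeercert()  # None when the client sent no certificate

        worker = threading.Thread(target=serve)
        worker.start()
        cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        cli_ctx.check_hostname = False
        cli_ctx.verify_mode = ssl.CERT_NONE  # server identity is not the point of this check
        cli_ctx.load_cert_chain(cli_crt, cli_key)  # client is fully able to send its cert
        cli_ctx.wrap_socket(socket.create_connection(listener.getsockname())).close()
        worker.join()
        listener.close()
        return seen.get("peer") is not None
```

`client_cert_seen(True)` returns True and `client_cert_seen(False)` returns False: the same client, with the same key and certificate loaded, only presents them when the server's handshake asks for them.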

xiaoma0513 commented 2 weeks ago

> Sorry, but this is not a Jetty issue, but likely an IIS issue.
>
> The Jetty client cannot force the send of the client certificate if the server does not request it. This is controlled by the OpenJDK TLS implementation, and there is nothing that Jetty can do.

Thanks for your comment.