ring-clojure / ring

Clojure HTTP server abstraction
MIT License

Unable to get client certs in requests with Jetty server. #379

Closed SuperStevenZ closed 5 years ago

SuperStevenZ commented 5 years ago

Hi, I'm trying to validate client certificates with the help of ring.adapter.jetty/run-jetty, and realized that the key :ssl-client-cert is always nil for every request I send, even though I think I have passed the client certs correctly.

Server is started like the following:

(jetty/run-jetty app
                 {:client-auth :need
                  :join? false
                  :keystore "resources/server.jks"
                  :key-password "password"
                  :port 8080
                  :ssl? true
                  :ssl-port 443
                  :truststore "resources/client.jks"
                  :trust-password "password"})

I tried two ways to send requests:

  1. through [clj-http "3.9.0"] library
    (clj-http.client/post "https://localhost/handler"
                      {:keystore "resources/client.jks"
                       :keystore-pass "password"
                       :trust-store "resources/server.jks"
                       :trust-store-pass "password"})
  2. in order to rule out the possibility of client bugs, I tried curl as well (server.pem and client.p12 were generated by following this post):
    curl --cacert server.pem --cert client.p12 -XPOST https://localhost/handler

Both requests are received without problems, but neither of them has a value under the :ssl-client-cert key (they are all nil).

Another thing is that even though I set :client-auth to :need in my server opts, my requests still pass without setting :keystore/:keystore-pass or --cert client.p12.

I did some digging around this issue and found out that I might not be the only person affected by it:

  1. An old thread back in 2012.
  2. A recent issue in Aug. 2019 in clj-http lib.

Could anyone take a look at this issue? I'm happy to provide more information if needed.

Jetty server is running on openjdk 1.8.0_222.
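The failure mode reported above (requests accepted with :ssl-client-cert nil even though :client-auth is :need) is exactly the case where an application should fail closed rather than trust the adapter alone. The following is an added example, not code from the ring project or from the issue author: a Ring middleware that rejects any request without a verified client certificate, a handler that reads the presented subject DN, and a run-jetty call that listens only on the TLS port. The namespace name, keystore paths, passwords and port are assumptions for illustration; per the Ring spec, :ssl-client-cert is a java.security.cert.X509Certificate when the Jetty adapter supplies one.

```clojure
;; Added example (not part of ring or of the issue): fail closed when no
;; client certificate reached the handler, whatever the adapter did.
(ns example.client-cert
  (:require [ring.adapter.jetty :as jetty])
  (:import [java.security.cert X509Certificate]))

(defn wrap-require-client-cert
  "Reject any request that does not carry a client certificate.
  :ssl-client-cert is an X509Certificate supplied by the Jetty adapter,
  or nil when the TLS handshake did not present (and verify) one."
  [handler]
  (fn [request]
    (if (instance? X509Certificate (:ssl-client-cert request))
      (handler request)
      {:status  403
       :headers {"Content-Type" "text/plain"}
       :body    "client certificate required"})))

(defn handler
  "Only reachable through the middleware, so the cert is never nil here."
  [request]
  (let [^X509Certificate cert (:ssl-client-cert request)]
    {:status  200
     :headers {"Content-Type" "text/plain"}
     :body    (str "hello " (.getName (.getSubjectX500Principal cert)))}))

(def app (wrap-require-client-cert handler))

;; Assumed paths, passwords and port. :http? false disables the plaintext
;; connector so that there is no non-TLS path around the check.
(defn -main [& _]
  (jetty/run-jetty app
                   {:client-auth    :need
                    :join?          false
                    :http?          false
                    :ssl?           true
                    :ssl-port       8443
                    :keystore       "resources/server.jks"
                    :key-password   "password"
                    :truststore     "resources/client.jks"
                    :trust-password "password"}))

(comment
  ;; Constructed requests for a REPL check of the middleware on its own:
  ;; a request map with no certificate must be refused.
  (:status (app {:request-method :post :uri "/handler"}))   ; 403
  )
```

With this in place, a request that slips through without a certificate gets a 403 from the application instead of a 200, which also makes the adapter misconfiguration visible immediately. When exercising it with curl and a PKCS#12 client bundle, pass --cert-type P12 alongside --cert, since curl otherwise expects the certificate in PEM format.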