I have a Vert.x STOMP server that should authenticate an encrypted connection with a client certificate or, if one is not provided, authenticate with a username/password.
When I set clientAuth to REQUEST it works.
See: https://vertx.io/docs/apidocs/io/vertx/core/http/ClientAuth.html#REQUEST
It works, meaning I am able to accept encrypted connections when a cert is provided and also when no cert is provided by the client. The problem is that on the server I am unable to determine whether the client has sent a cert or not. Does anyone know how this can be done?
To me it looks like the problem is that https://vertx.io/docs/apidocs/io/vertx/ext/stomp/StompServerConnection.html and its implementation StompServerTCPConnectionImpl.java are overly restrictive in that they don't allow access to the NetSocket, so there is no way to look at the certificate. The handler gets a ServerFrame, from that you can get the connection, but from the connection you cannot get the socket, and you would need the socket to look at the certificate. You need the certificate to determine if it cares about the username or password.