mtls not working with http/3 #11892

abvaidya · 2024-06-09T00:19:25Z

Jetty version(s)
Jetty 12.0.10

Jetty Environment
ee10

Java version/vendor (use: java -version)
openjdk version "17.0.11" 2024-04-16
OpenJDK Runtime Environment Temurin-17.0.11+9 (build 17.0.11+9)
OpenJDK 64-Bit Server VM Temurin-17.0.11+9 (build 17.0.11+9, mixed mode)

OS type/version
Mac OS Sonoma 14.5

Description

The server is started on http/2 and http/3 on the same port. http/2 works perfectly fine where client certificate is available at X509Certificate[] certs = (X509Certificate[]) request.getAttribute("jakarta.servlet.request.X509Certificate");
when the request is made over http/3, request attributes are null.

How to reproduce?
Start a server on http/3 and set needClientAuth(true)

The text was updated successfully, but these errors were encountered:

The client certificate is now exposed in QuicheConnection, so that it can be returned by QuicStreamEndPoint.getSslSessionData(). Not much else is exposed by Quiche, so not much else that we can provide to applications, for example no TLS session id, no cipher suite, etc. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

sbordet · 2024-06-10T15:26:29Z

@abvaidya we have a fix for the client certificate (only the last in the chain) in #11900.

Unfortunately, there is not much else exposed by Quiche, so let us know if you need more.

If you do, then the ball goes into Quiche court to expose more information, and until then, we cannot do more.

abvaidya · 2024-06-10T22:27:45Z

Thank you for the quick turnaround. Will give it a shot.

The client certificate is now exposed in QuicheConnection, so that it can be returned by QuicStreamEndPoint.getSslSessionData(). Not much else is exposed by Quiche, so not much else that we can provide to applications, for example no TLS session id, no cipher suite, etc. Fixed --enable-native-access command line option to run tests, as the foreign dependency is in the class-path. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

abvaidya added the Bug For general bugs on Jetty side label Jun 9, 2024

sbordet self-assigned this Jun 10, 2024

sbordet added this to 🧊 Jetty 12.0.11 - FROZEN Jun 10, 2024

sbordet moved this to 🏗 In progress in 🧊 Jetty 12.0.11 - FROZEN Jun 10, 2024

sbordet linked a pull request Jun 10, 2024 that will close this issue

Fixes #11892 - mtls not working with http/3. #11900

Merged

sbordet closed this as completed in #11900 Jun 12, 2024

github-project-automation bot moved this from 🏗 In progress to ✅ Done in 🧊 Jetty 12.0.11 - FROZEN Jun 12, 2024

sbordet mentioned this issue Jun 13, 2024

SecureRequestCustomizer() for HTTP3 #11855

Closed

olamy mentioned this issue Sep 29, 2024

Jetty 12.1.x add Eclipse dash too usagee #12325

Merged

olamy mentioned this issue Oct 17, 2024

jetty 12.1.x merge 12.0 #12400

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

mtls not working with http/3 #11892

mtls not working with http/3 #11892

abvaidya commented Jun 9, 2024

sbordet commented Jun 10, 2024

abvaidya commented Jun 10, 2024

mtls not working with http/3 #11892

mtls not working with http/3 #11892

Comments

abvaidya commented Jun 9, 2024

sbordet commented Jun 10, 2024

abvaidya commented Jun 10, 2024