- Bug
- Resolution: Duplicate
- P4
- None
- 23
- None
If no client certificate is sent when client authentication is required, the server alerts bad_certificate.
This may not conform to the specifications.
Please see Bernd's comment on openjdk/jdk/17645 [1], quoted below:
RFC 8446 6.2: “certificate_required: Sent by servers when a client certificate is desired but none was provided by the client.”
RFC 5246 7.4.6: “If the client does not send any certificates, the server MAY at its discretion either continue the handshake without client authentication, or respond with a fatal handshake_failure alert.”
[1] https://github.com/openjdk/jdk/pull/17645#discussion_r1473440462
- duplicates JDK-8311644: Server should not send bad_certificate alert when the client does not send any certificates (Closed)