- Type: Bug
- Resolution: Duplicate
- Priority: P4
- Affects Version/s: 23
- Component/s: security-libs

If no client certificate is sent on required client auth, the server alerts bad_certificate.
This may not conform to the specifications.
Please see Bernd's comment on openjdk/jdk/17645 [1], as below:

RFC 8446, section 6.2: “certificate_required: Sent by servers when a client certificate is desired but none was provided by the client.”

RFC 5246, section 7.4.6: “If the client does not send any certificates, the server MAY at its discretion either continue the handshake without client authentication, or respond with a fatal handshake_failure alert.”

[1] https://github.com/openjdk/jdk/pull/17645#discussion_r1473440462

- duplicates: JDK-8311644 Server should not send bad_certificate alert when the client does not send any certificates (Closed)