[jira] [Updated] (HTTPCORE-748) Alias selection for EdDSA client certificates broken

Philippe Marschall (Jira) Mon, 22 May 2023 08:25:07 -0700


     [ 
https://issues.apache.org/jira/browse/HTTPCORE-748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Philippe Marschall updated HTTPCORE-748:
----------------------------------------
    Labels: clientcertificate  (was: )

> Alias selection for EdDSA client certificates broken
> ----------------------------------------------------
>
>                 Key: HTTPCORE-748
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-748
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore
>    Affects Versions: 4.4.15
>            Reporter: Philippe Marschall
>            Priority: Minor
>              Labels: clientcertificate
>
> Automatic alias selection for EdDSA client certificates broken since only 
> EDDSA are checked.
> [RFC-8422 Section 3|https://datatracker.ietf.org/doc/html/rfc8422#section-3] 
> specifies that the certificate type {{ECDSA_sign}} in the certificate request 
> is to be used for both ECDSA and EdDSA certificates but 
> {{org.apache.http.ssl.SSLContextBuilder.KeyManagerDelegate#getClientAliasMap(String[],
>  Principal[])}} only checks with the key type "ECDSA" and therefore does not 
> find EdDSA certificates.
> How to reproduce:
> * Create a client keystore with only an EcDSA certificate and try to connect 
> to a server that requires a client certificate.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[jira] [Updated] (HTTPCORE-748) Alias selection for EdDSA client certificates broken

Reply via email to