[
https://issues.apache.org/jira/browse/HTTPCORE-748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725009#comment-17725009
]
Oleg Kalnichevski commented on HTTPCORE-748:
--------------------------------------------
> Create a client keystore with only an EcDSA certificate and try to connect to
> a server that requires a client certificate.
[~marschall] I seriously doubt anyone here will be willing to generate an EcDSA
certificate and set up a server accepting that certificate to verify your
report. Unless you can provide a private key / public cert pair and a Docker
container running a web server configured with that key / trust material I will
keep this ticket open for a while but eventually will have to close it.
Oleg
> Alias selection for EdDSA client certificates broken
> ----------------------------------------------------
>
> Key: HTTPCORE-748
> URL: https://issues.apache.org/jira/browse/HTTPCORE-748
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore
> Affects Versions: 4.4.15
> Reporter: Philippe Marschall
> Priority: Minor
> Labels: clientcertificate
>
> Automatic alias selection for EdDSA client certificates broken since only
> EDDSA are checked.
> [RFC-8422 Section 3|https://datatracker.ietf.org/doc/html/rfc8422#section-3]
> specifies that the certificate type {{ECDSA_sign}} in the certificate request
> is to be used for both ECDSA and EdDSA certificates but
> {{org.apache.http.ssl.SSLContextBuilder.KeyManagerDelegate#getClientAliasMap(String[],
> Principal[])}} only checks with the key type "ECDSA" and therefore does not
> find EdDSA certificates.
> How to reproduce:
> * Create a client keystore with only an EcDSA certificate and try to connect
> to a server that requires a client certificate.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
