jetty / jetty.project

Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more

Home Page: https://eclipse.dev/jetty

mtls not working with http/3

abvaidya opened this issue

Jetty version(s)
Jetty 12.0.10

Jetty Environment
ee10

Java version/vendor (use: java -version)
openjdk version "17.0.11" 2024-04-16
OpenJDK Runtime Environment Temurin-17.0.11+9 (build 17.0.11+9)
OpenJDK 64-Bit Server VM Temurin-17.0.11+9 (build 17.0.11+9, mixed mode)

OS type/version
Mac OS Sonoma 14.5

Description

The server is started on http/2 and http/3 on the same port. http/2 works perfectly fine, where the client certificate is available at X509Certificate[] certs = (X509Certificate[]) request.getAttribute("jakarta.servlet.request.X509Certificate");
When the request is made over http/3, the request attributes are null.

How to reproduce?
Start a server on http/3 and set needClientAuth(true)

@abvaidya we have a fix for the client certificate (only the last in the chain) in #11900.

Unfortunately, there is not much else exposed by Quiche, so let us know if you need more.

If you do, then the ball goes into Quiche's court to expose more information, and until then, we cannot do more.

Thank you for the quick turnaround. Will give it a shot.
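
The filter below is an added example, not part of the issue thread and not Jetty project code. It shows how an application that authenticates on the jakarta.servlet.request.X509Certificate attribute can fail closed when that attribute is null (the HTTP/3 behaviour reported above) and avoid assuming more than one certificate is present (as after the fix mentioned in the reply). The class name RequireClientCertFilter and the attribute name example.mtls.peerSubject are assumptions made for illustration.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.cert.X509Certificate;

/** Hypothetical filter: rejects any request that carries no usable client certificate. */
public class RequireClientCertFilter extends HttpFilter {
    static final String CERT_ATTR = "jakarta.servlet.request.X509Certificate";
    // Constructed attribute name, used to hand the verified subject to downstream code.
    static final String SUBJECT_ATTR = "example.mtls.peerSubject";

    /** Returns the client's own certificate, or null if the container exposed none. */
    static X509Certificate peerCertificate(Object attr) {
        if (!(attr instanceof X509Certificate[] certs) || certs.length == 0 || certs[0] == null) {
            return null; // null attribute, wrong type, or empty array: treat as unauthenticated
        }
        // The Servlet API orders the array by ascending trust, so index 0 is the
        // client's certificate. Never index further: the array may hold only one entry.
        return certs[0];
    }

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate peer = peerCertificate(req.getAttribute(CERT_ATTR));
        if (peer == null) {
            // Fail closed. Logging the protocol makes a transport-specific gap
            // (such as the HTTP/3 case in this issue) visible in the server log.
            req.getServletContext().log(
                "mTLS: no client certificate exposed for a " + req.getProtocol() + " request");
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        // Downstream authorization should read this attribute rather than
        // re-parsing the certificate array and repeating the null handling.
        req.setAttribute(SUBJECT_ATTR, peer.getSubjectX500Principal().getName());
        chain.doFilter(req, res);
    }
}
```

Mapping this filter ahead of every protected path means a transport that does not populate the attribute produces a 403 and a log line, not a NullPointerException or an unauthenticated request reaching application code.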