[HTTPCORE-748] Alias selection for EdDSA client certificates broken - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 4.4.15
Fix Version/s: None
Component/s: HttpCore
Labels:
- clientcertificate

Description

Automatic alias selection for EdDSA client certificates broken since only EDDSA are checked.

RFC-8422 Section 3 specifies that the certificate type ECDSA_sign in the certificate request is to be used for both ECDSA and EdDSA certificates but org.apache.http.ssl.SSLContextBuilder.KeyManagerDelegate#getClientAliasMap(String[], Principal[]) only checks with the key type "ECDSA" and therefore does not find EdDSA certificates.

How to reproduce:

Create a client keystore with only an EcDSA certificate and try to connect to a server that requires a client certificate.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Philippe Marschall

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/May/23 15:23

Updated:: 22/May/23 15:50