Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mtls not working with http/3 #11892

Closed
abvaidya opened this issue Jun 9, 2024 · 2 comments · Fixed by #11900
Closed

mtls not working with http/3 #11892

abvaidya opened this issue Jun 9, 2024 · 2 comments · Fixed by #11900
Assignees
@sbordet
Labels
Bug For general bugs on Jetty side

Comments

@abvaidya
Copy link

abvaidya commented Jun 9, 2024

Jetty version(s)
Jetty 12.0.10

Jetty Environment
ee10

Java version/vendor (use: java -version)
openjdk version "17.0.11" 2024-04-16
OpenJDK Runtime Environment Temurin-17.0.11+9 (build 17.0.11+9)
OpenJDK 64-Bit Server VM Temurin-17.0.11+9 (build 17.0.11+9, mixed mode)

OS type/version
Mac OS Sonoma 14.5

Description

The server is started on http/2 and http/3 on the same port. http/2 works perfectly fine where client certificate is available at X509Certificate[] certs = (X509Certificate[]) request.getAttribute("jakarta.servlet.request.X509Certificate");
when the request is made over http/3, request attributes are null.

How to reproduce?
Start a server on http/3 and set needClientAuth(true)
@abvaidya abvaidya added the Bug For general bugs on Jetty side label Jun 9, 2024
@sbordet sbordet self-assigned this Jun 10, 2024
sbordet added a commit that referenced this issue Jun 10, 2024
@sbordet
Fixes #11892 - mtls not working with http/3.
409916f 
The client certificate is now exposed in QuicheConnection, so that it can be returned by QuicStreamEndPoint.getSslSessionData().

Not much else is exposed by Quiche, so not much else that we can provide to applications, for example no TLS session id, no cipher suite, etc.

Signed-off-by: Simone Bordet <[email protected]>
@sbordet sbordet linked a pull request Jun 10, 2024 that will close this issue
Fixes #11892 - mtls not working with http/3. #11900
Merged
@sbordet
Copy link
Contributor

sbordet commented Jun 10, 2024

@abvaidya we have a fix for the client certificate (only the last in the chain) in #11900.

Unfortunately, there is not much else exposed by Quiche, so let us know if you need more.

If you do, then the ball goes into Quiche court to expose more information, and until then, we cannot do more.

@abvaidya
Copy link
Author

Thank you for the quick turnaround. Will give it a shot.

sbordet added a commit that referenced this issue Jun 12, 2024
@sbordet
Fixes #11892 - mtls not working with http/3. (#11900)
8e6ab93 
The client certificate is now exposed in QuicheConnection, so that it can be returned by QuicStreamEndPoint.getSslSessionData().

Not much else is exposed by Quiche, so not much else that we can provide to applications, for example no TLS session id, no cipher suite, etc.

Fixed --enable-native-access command line option to run tests, as the foreign dependency is in the class-path.

Signed-off-by: Simone Bordet <[email protected]>
@sbordet sbordet mentioned this issue Jun 13, 2024
Closed
joakime added a commit that referenced this issue Jun 19, 2024
@joakime
Fixes #11892 - mtls not working with http/3. (#11900)
4a31e66 
The client certificate is now exposed in QuicheConnection, so that it can be returned by QuicStreamEndPoint.getSslSessionData().

Not much else is exposed by Quiche, so not much else that we can provide to applications, for example no TLS session id, no cipher suite, etc.

Fixed --enable-native-access command line option to run tests, as the foreign dependency is in the class-path.

Signed-off-by: Simone Bordet <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sbordet sbordet

Labels
Bug For general bugs on Jetty side
Projects
No open projects
🧊 Jetty 12.0.11 - FROZEN
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #11892 - mtls not working with http/3. jetty/jetty.project
2 participants
@sbordet @abvaidya