
TLS mutual authentication

Open · helins opened this issue 7 years ago · 1 comment

I'm not an expert, but here is what I've done trying to get mutual authentication: https://gist.github.com/dvlopt/de48dbe6b7e1d7ea93c3beb929e146d0

Basically, in order for the client to make a request to my local https server, I have to set the sysprop "javax.net.ssl.trustStore" to the same truststore I've declared in the client's ssl context. Is this redundancy normal? I expected the ssl context to be self-sufficient and contain all the information it needs. The problem is specific to the client, as requesting from the server using curl with --cacert pointing at the pem file used to build the truststore works just fine.

Furthermore, how can mutual authentication be enforced? Curling the server works but isn't mutual.

helins avatar Mar 14 '17 08:03 helins

The gist doesn't exist, but I have just fiddled around with this and am documenting it for reference.

;; Netty's SslContextBuilder / ClientAuth plus aleph.http and clojure.java.io
(import '(io.netty.handler.ssl SslContextBuilder ClientAuth))
(require '[aleph.http :as http]
         '[clojure.java.io :as io])

(def ssl-context
  (-> (SslContextBuilder/forServer (io/file "cert.pem") (io/file "key.pem")) ; server cert chain + private key
      (.clientAuth ClientAuth/REQUIRE)        ; handshake fails if the client presents no certificate
      (.trustManager (io/file "trust.pem"))   ; CA(s) whose client certificates are accepted
      (.build)))

;; handler is your Ring handler
(http/start-server handler {:ssl-context ssl-context})

Wrote on my phone so apologies for formatting.

Created issue #501 to expose the client certificate details in the request.

mmmdreg avatar Apr 02 '19 02:04 mmmdreg
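As an added example for this thread (not code from aleph or from either commenter), here are both halves of the setup in one place: the server from the comment above with ClientAuth/REQUIRE, and a client whose Netty SslContext carries its own key pair and its own trust anchor, which is what makes the javax.net.ssl.trustStore system property from the question unnecessary. The namespace, port and PEM file names are assumptions; the aleph options used are :ssl-context on start-server and :connection-options {:ssl-context ...} on connection-pool. A second client context with no keyManager is included to show the failure mode REQUIRE is there to produce.

```clojure
;; Added example for this thread, not code from aleph itself.
;; Assumes aleph + Netty on the classpath and these (hypothetical) PEM files:
;;   ca.pem                       CA that signed BOTH the server and client certs
;;   server.pem / server-key.pem  server identity
;;   client.pem / client-key.pem  client identity
(ns mtls-example
  (:require [aleph.http :as http]
            [clojure.java.io :as io]
            [manifold.deferred :as d])
  (:import (io.netty.handler.ssl SslContextBuilder ClientAuth)))

;; Server side: present server.pem, REQUIRE a client certificate, and accept
;; only client certificates that chain to ca.pem. ClientAuth/OPTIONAL would let
;; clients without a certificate complete the handshake, so REQUIRE is what
;; actually enforces mutual authentication.
(def server-ssl-context
  (-> (SslContextBuilder/forServer (io/file "server.pem") (io/file "server-key.pem"))
      (.clientAuth ClientAuth/REQUIRE)
      (.trustManager (io/file "ca.pem"))
      (.build)))

(defn handler [_req]
  {:status  200
   :headers {"content-type" "text/plain"}
   :body    "hello, authenticated client\n"})

(defn start-server []
  (http/start-server handler {:port 8443 :ssl-context server-ssl-context}))

;; Client side: the SslContext holds the client's identity (keyManager) AND the
;; CA it trusts for the server (trustManager). Nothing has to be configured via
;; the javax.net.ssl.trustStore system property.
(def client-ssl-context
  (-> (SslContextBuilder/forClient)
      (.keyManager (io/file "client.pem") (io/file "client-key.pem"))
      (.trustManager (io/file "ca.pem"))
      (.build)))

;; A client that trusts the CA but presents no certificate of its own. With
;; ClientAuth/REQUIRE on the server, this one must be rejected in the handshake.
(def anonymous-ssl-context
  (-> (SslContextBuilder/forClient)
      (.trustManager (io/file "ca.pem"))
      (.build)))

(defn fetch-with
  "GET / over a pool built from the given SslContext. Returns the body on
   success, or a string describing the failure (handshake errors included)."
  [ssl-context]
  (let [pool (http/connection-pool {:connection-options {:ssl-context ssl-context}})]
    (try
      @(d/chain (http/get "https://localhost:8443/" {:pool pool})
                :body
                slurp)
      (catch Exception e
        (str "request failed: " (.getMessage e))))))

(comment
  (def server (start-server))
  (fetch-with client-ssl-context)     ; authenticated request, body returned
  (fetch-with anonymous-ssl-context)  ; rejected by the server: no client cert
  (.close server))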

Addressed: https://github.com/clj-commons/aleph/pull/505

arnaudgeiser avatar Nov 17 '22 07:11 arnaudgeiser