TLS mutual authentication
I'm not an expert, but here is what I've done trying to get mutual authentication: https://gist.github.com/dvlopt/de48dbe6b7e1d7ea93c3beb929e146d0
Basically, in order for the client to make a request to my local https server, I have to set the sysprop "javax.net.ssl.trustStore" to the same truststore I've declared in the client's ssl context. Is this redundancy normal? I expected the ssl context to be self-sufficient and contain all the information it needs. The problem is specific to the client, as requesting from the server using curl with --cacert pointing to the pem file used to build the truststore works just fine.
Furthermore, how can mutual authentication be enforced? Curling the server works but isn't mutual.
The gist doesn't exist, but I have just fiddled around with this and am documenting it for reference.
(require '[aleph.http :as http] '[clojure.java.io :as io])
(import '[io.netty.handler.ssl SslContextBuilder ClientAuth])

(def ssl-context
  (-> (SslContextBuilder/forServer (io/file "cert.pem") (io/file "key.pem"))
      ;; REQUIRE (a static field, so no parens) fails the handshake when no client cert is presented
      (.clientAuth ClientAuth/REQUIRE)
      ;; certificates the client certificate must chain to
      (.trustManager (io/file "trust.pem"))
      (.build)))

(http/start-server handler {:ssl-context ssl-context})
Wrote on my phone so apologies for formatting.
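Added example, not code from either post above nor aleph's own: both halves of the exchange in one Clojure file, the server requiring a client certificate as in the reply, and a client whose SslContext carries both its trust store and its own cert/key, so nothing is read from javax.net.ssl.* system properties. It also shows the check a practitioner wants: a second client that trusts the server but presents no certificate must be rejected. Assumptions (not from the thread): the file names server-cert.pem, server-key.pem, client-cert.pem, client-key.pem, port 8443, and that the aleph client takes the SslContext from `:connection-options` in `connection-pool`.

```clojure
;; Added example, not the thread's or aleph's code. Assumed files (not on the page),
;; generated for instance with:
;;   openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=localhost" \
;;     -addext "subjectAltName=DNS:localhost" -keyout server-key.pem -out server-cert.pem
;;   openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=client" \
;;     -keyout client-key.pem -out client-cert.pem
;; Netty's SslContextBuilder wants PKCS#8 keys, which `openssl req -newkey` writes.
(require '[aleph.http :as http]
         '[clojure.java.io :as io])
(import '[io.netty.handler.ssl SslContextBuilder ClientAuth])

(defn server-ssl-context
  "Server identity from cert/key; client certificates are verified against trust.
   ClientAuth/REQUIRE makes the handshake fail when no client certificate is sent."
  [cert key trust]
  (-> (SslContextBuilder/forServer (io/file cert) (io/file key))
      (.trustManager (io/file trust))
      (.clientAuth ClientAuth/REQUIRE)
      (.build)))

(defn client-ssl-context
  "Client trusts the server via trust; the optional cert/key is what it presents
   when the server asks for a client certificate. Built from files only, so the
   JVM default trust store (javax.net.ssl.trustStore) is never consulted."
  [trust & [cert key]]
  (cond-> (SslContextBuilder/forClient)
    true (.trustManager (io/file trust))
    cert (.keyManager (io/file cert) (io/file key))
    true (.build)))

(defn handler [_req]
  {:status  200
   :headers {"content-type" "text/plain"}
   :body    "hello, authenticated client\n"})

(defn fetch
  "GET url through a pool whose connections use only the given SslContext."
  [url ssl-ctx]
  (let [pool (http/connection-pool
               {:connection-options {:ssl-context ssl-ctx}})]
    @(http/get url {:pool pool})))

(defn -main [& _]
  (let [port   8443                      ; assumed port
        url    (str "https://localhost:" port "/")
        server (http/start-server
                 handler
                 {:port        port
                  :ssl-context (server-ssl-context "server-cert.pem"
                                                   "server-key.pem"
                                                   "client-cert.pem")})]
    (try
      ;; client presents its certificate: handshake completes, 200 expected
      (let [resp (fetch url (client-ssl-context "server-cert.pem"
                                                "client-cert.pem"
                                                "client-key.pem"))]
        (println "with client cert:" (:status resp) (slurp (:body resp))))
      ;; same trust store but no client certificate: the server must reject it
      (try
        (fetch url (client-ssl-context "server-cert.pem"))
        (println "BUG: server accepted a connection without a client certificate")
        (catch Exception e
          (println "without client cert, rejected as expected:" (.getMessage e))))
      (finally
        (.close server)))))
```

The second request is the part worth keeping around: a server that merely offers client auth (ClientAuth/OPTIONAL) would let it through, so a passing first request alone does not prove the authentication is mutual.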
Created issue #501 to expose the client certificate details in the request.
Addressed: https://github.com/clj-commons/aleph/pull/505