Philippe Marschall created HTTPCORE-748:
-------------------------------------------
Summary: Alias selection for EdDSA client certificates broken
Key: HTTPCORE-748
URL: https://issues.apache.org/jira/browse/HTTPCORE-748
Project: HttpComponents HttpCore
Issue Type: Bug
Components: HttpCore
Affects Versions: 4.4.15
Reporter: Philippe Marschall
Automatic alias selection for EdDSA client certificates broken since only EDDSA
are checked.
[RFC-8422 Section 3|https://datatracker.ietf.org/doc/html/rfc8422#section-3]
specifies that the certificate type {{ECDSA_sign}} in the certificate request
is to be used for both ECDSA and EdDSA certificates but
{{org.apache.http.ssl.SSLContextBuilder.KeyManagerDelegate#getClientAliasMap(String[],
Principal[])}} only checks with the key type "ECDSA" and therefore does not
find EdDSA certificates.
How to reproduce:
* Create a client keystore with only an EcDSA certificate and try to connect to
a server that requires a client certificate.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
