On Wed, 21 Feb 2024 07:26:52 GMT, Daniel Jeliński <[email protected]> wrote:

> If I understand correctly, `com.sun.net.httpserver` is not part of the spec, 
> and CSRs are for spec changes only.
> 
> Have you verified that the new code works as intended?
> 
>     * sends a CertificateRequest message only if either of the properties is true
>     * refuses to connect if needClientAuth is true and the client doesn't produce a certificate
> 
> Pretty sure we don't have any tests for that, they couldn't possibly pass 
> with the current code.

On the second point there, I think it would be useful if we had a test for 
this. It could be done in another PR maybe, but it would need a client/server 
interaction with the "need" flag set and, if no client cert is available, a check 
for the appropriate error. If a cert is available, the client and server can both 
check that it was used, through the SSLSession created.

You could use the same approach to test the "want" flag as well potentially.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/17940#issuecomment-1959031676
