This repository was archived by the owner on Mar 3, 2026. It is now read-only.

Commit 6e6525f

dogroverjknack
authored andcommitted
Enable client certificate authentication (jooby-project#905)
- NettySslContext now explicitly requests client auth when `ssl.trust.cert` is used. Fix jooby-project#904 - NettySslContextTest now checks for this setting.
1 parent 6add6ac commit 6e6525f


2 files changed

+5
-1
lines changed


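--- a/modules/jooby-netty/src/main/java/org/jooby/internal/netty/NettySslContext.java
+++ b/modules/jooby-netty/src/main/java/org/jooby/internal/netty/NettySslContext.java
@@ -222,6 +222,7 @@
 import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
 import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
 import io.netty.handler.ssl.ApplicationProtocolNames;
+import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.OpenSsl;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
@@ -239,7 +240,8 @@ static SslContext build(final Config conf) throws IOException, CertificateExcept
 ? conf.getString("ssl.keystore.password") : null;
 SslContextBuilder scb = SslContextBuilder.forServer(keyStoreCert, keyStoreKey, keyStorePass);
 if (conf.hasPath("ssl.trust.cert")) {
-scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir));
+scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir))
+.clientAuth(ClientAuth.REQUIRE);
 }
 if (http2) {
 SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;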
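Review bot: `.clientAuth(ClientAuth.REQUIRE)` in the `ssl.trust.cert` branch of `build` is hard-coded, so once a trust certificate is configured every handshake from a client without a certificate fails, and there is no way to choose `ClientAuth.OPTIONAL` (for example for an unauthenticated health-check path). Before this change the trust manager appears to have been set without any certificate being requested, so deployments that already set `ssl.trust.cert` change behaviour on upgrade; a comment here would make that explicit, for example `// ssl.trust.cert enables mutual TLS: the handshake is rejected unless the client presents a cert chaining to it`. This check only establishes that the client certificate chains to the trust file; any per-client authorization on the certificate subject still has to happen elsewhere. `build` starts and ends outside the hunk.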

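--- a/modules/jooby-netty/src/test/java/org/jooby/internal/netty/NettySslContextTest.java
+++ b/modules/jooby-netty/src/test/java/org/jooby/internal/netty/NettySslContextTest.java
@@ -26,6 +26,7 @@
 import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
 import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
 import io.netty.handler.ssl.ApplicationProtocolNames;
+import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.OpenSsl;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
@@ -61,6 +62,7 @@ public void sslTrustCert() throws Exception {
 .expect(unit-> {
 SslContextBuilder scb = unit.get(SslContextBuilder.class);
 expect(scb.trustManager(Paths.get("target", "unsecure.crt").toFile())).andReturn(scb);
+expect(scb.clientAuth(ClientAuth.REQUIRE)).andReturn(scb);
 })
 .run(unit -> {
 assertNotNull(NettySslContext.build(conf.withValue("ssl.trust.cert",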
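Review bot: The added expectation `expect(scb.clientAuth(ClientAuth.REQUIRE))` in `sslTrustCert` only checks that the builder method is called on a mock; nothing here verifies that a server built this way actually rejects a client that presents no certificate, or one that does not chain to `unsecure.crt`. A test that performs a real handshake for both cases would pin the security property rather than the call sequence. The body of `sslTrustCert` continues past the end of the hunk.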
