-
1. Re: Undertow TLS client authentication
ctomc Feb 20, 2014 10:08 AM (in response to dfisher)
What is your https-listener configuration?
-
2. Re: Undertow TLS client authentication
lbonco Feb 20, 2014 3:55 PM (in response to ctomc)
Hi,
I have the same problem, this is my https-listener configuration:
<server name="default-server">
    <ajp-listener name="ajp-connector" socket-binding="ajp"/>
    <http-listener name="default" socket-binding="http"/>
    <https-listener name="defaultssl" socket-binding="https" security-realm="UndertowRealm" verify-client="REQUIRED"/>
    <host name="default-host" alias="localhost">
        <location name="/" handler="welcome-content"/>
        <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
    </host>
</server>
I also have another issue: if I use my default truststore, in my case with 175 certificates, I can't finish the SSL handshake. With curl I get only this:
curl -vvvv -k https://....
* Hostname was NOT found in DNS cache
* Trying 10.150.190.202...
* Connected to host00.svil.bol (10.150.190.202) port 8022 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
In the log I found that the message "*** ServerHelloDone" was written before the end of the write buffer.
2014-02-20 00:22:03,590 INFO [stdout] (default I/O-1) default I/O-1, WRITE: TLSv1.2 Handshake, length = 16384
2014-02-20 00:22:03,590 INFO [stdout] (default I/O-1) *** ServerHelloDone
2014-02-20 00:22:03,591 INFO [stdout] (default I/O-1) default I/O-1, WRITE: TLSv1.2 Handshake, length = 6170