Allow support for a chained certificate / pkcs12 file off the bat #265

beneshed · 2020-08-04T02:07:34Z

Trying to tackle #219

It seems via the code that SNI is "supported by default"

This goes ahead and sets multiple certificates to the x5c header and it's also already using x5t

The issue seems that when supporting a chained certificate, it's currently hardcoded to only accept one certificate and not a chain.

I'm not a Java guy and this is not pretty code and a decent amount of stackoverflow/googling

Please help critique the code so it's up to standards, but the goal of the PR is to support a list of x509 certificates instead of a single cert

SomkaPe · 2020-08-05T21:26:46Z

@thebenwaters was you able to E2E test this ?

beneshed · 2020-08-12T14:04:08Z

@SomkaPe working on resolving backend issue. on paper it should work

beneshed · 2020-08-30T08:11:27Z

@SomkaPe I asked the owner of the app 55e7e5af-ca53-482d-9aa3-5cb1cc8eecb5 for access to configure SNI so we can have full integration testing

beneshed · 2020-10-11T12:58:29Z

This has been accepted and merged. Closing

bewatersmsft and others added 2 commits August 4, 2020 05:02

Allow support for a chained certificate / pkcs12 file off the bat

0054300

Update ClientCertificate.java

e6b3bb7

Avery-Dunn requested review from SomkaPe, sangonzal and Avery-Dunn August 4, 2020 13:53

SomkaPe mentioned this pull request Sep 4, 2020

Bewaters certchain #276

Merged

beneshed closed this Oct 11, 2020

beneshed deleted the bewaters-certchain branch October 11, 2020 13:08

Provide feedback