okhttp: HTTPS - Breaking client authentication on server side

Hi Guys,

When you don’t specify an sslSocketFactory, okhttp recreates a TLS SSLContext instead of using SSLContext.getDefault. Doing so, you init the SSLContext without giving the default keyStore, and this breaks server-side client certificate authentication.

In a system where you configure your trustCertificate and keyStore using system properties like “javax.net.ssl.keyStore” & “javax.net.ssl.trustStore”, Java merges them and inits the SSLContext.getDefault for you. Basically you just need to get the socketFactory from that default context.

To make sure the SSL socket factory contains my client certificate from the keystore, I have to call OkHttpClient.Builder.sslSocketFactory(**SSLContext.getDefault().getSocketFactory()**, trustManager)

Let me know if you guys need something or if I got it wrong. I will try to follow up with a pull request.

Best,

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 19 (2 by maintainers)

Most upvoted comments

Won’t fix.