Skip to content

getPeerCertificateChain() to throw exception when client auth not requested #310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
JeremiahM37 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

getPeerCertificateChain() to throw exception when client auth not requested #310

JeremiahM37 wants to merge 2 commits into from

Conversation

@JeremiahM37
Copy link
Contributor

@JeremiahM37 JeremiahM37 commented Dec 31, 2025

Summary

Fix getPeerCertificateChain() to throw SSLPeerUnverifiedException when client auth not requested, matching SunJSSE behavior.

Problem

SSLSession.getPeerCertificateChain() returned null when the server didn't request client authentication. SunJSSE throws SSLPeerUnverifiedException in this case. This caused compatibility issues with Netty and other frameworks that catch the exception to detect "no peer certificate."

Changes

  • WolfSSLImplementSSLSession.java: Throw SSLPeerUnverifiedException instead of returning null when client auth not requested

Testing

  • Added testGetPeerCertificateChainNoClientAuth to verify exception is thrown when needClientAuth=false and wantClientAuth=false

@JeremiahM37 JeremiahM37 self-assigned this Dec 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@JeremiahM37 JeremiahM37

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JeremiahM37