Hi, I am using Apache httpclient and I configure the SSL context to use my keystore and truststore. The HTTPS server I am using is IIS7 and is configured to require client authentication. I think I have set everything up properly on the IIS side. Anyway, if I configure the httpclient's SSL context with a keystore (i.e. with client certificates) valid for IIS, then there is no problem connecting.
Now my problem is the following: if I do NOT configure the SSL context with any client certificate to send to IIS, there is no connection with the server. What worries me, though, is the fact that I was expecting to see some Java exception in the code as a result of a handshake failure alert. This exception never occurred. Monitoring what is happening with Wireshark, and using the private key to decrypt the traces, I saw a certificate request coming from IIS. The strange thing is that the httpclient replied with a Certificate message of length 0 instead of a NoCertificateAlert. I think this is not correct. Per RFC it should be a NoCertificateAlert. Right? Then IIS, receiving the empty certificate message, does not raise a handshake alert either, but both parts stop communicating. How is this behavior explained? I think that it is a bug on the httpclient's part. Shouldn't I see an SSL alert in this context? Thank you.
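
To confirm from a decrypted capture whether the client's Certificate handshake message really carries zero certificates, as in the trace described above, the handshake bytes can be parsed directly. This is an added example, not part of the original post; it assumes the TLS 1.0-1.2 Certificate layout, and the function names and sample bytes are constructed for illustration.

```python
HANDSHAKE_CERTIFICATE = 11  # HandshakeType.certificate in TLS 1.0-1.2


class HandshakeParseError(ValueError):
    """Raised when the handshake bytes are truncated or inconsistent."""


def _u24(buf, off):
    # TLS encodes handshake and certificate lengths as 24-bit big-endian integers.
    if off + 3 > len(buf):
        raise HandshakeParseError("truncated 24-bit length at offset %d" % off)
    return int.from_bytes(buf[off:off + 3], "big")


def iter_handshake_messages(payload):
    """Yield (msg_type, body) for each handshake message in a decrypted payload."""
    off = 0
    while off < len(payload):
        msg_type = payload[off]
        length = _u24(payload, off + 1)
        body = payload[off + 4:off + 4 + length]
        if len(body) != length:
            raise HandshakeParseError("truncated handshake body")
        yield msg_type, body
        off += 4 + length


def certificate_lengths(body):
    """Return the byte length of each entry in a Certificate message body."""
    list_len = _u24(body, 0)
    if list_len != len(body) - 3:
        raise HandshakeParseError("certificate_list length mismatch")
    lengths, off = [], 3
    while off < len(body):
        n = _u24(body, off)
        if off + 3 + n > len(body):
            raise HandshakeParseError("truncated certificate entry")
        lengths.append(n)
        off += 3 + n
    return lengths


def client_sent_empty_certificate(payload):
    """True if the payload holds a Certificate message with zero certificates."""
    return any(t == HANDSHAKE_CERTIFICATE and not certificate_lengths(b)
               for t, b in iter_handshake_messages(payload))


# Constructed samples (not taken from a real capture).
EMPTY_CERT_MSG = bytes.fromhex("0b000003000000")   # type 11, empty certificate_list
FAKE_DER = b"\x30\x03\x02\x01\x01"                 # placeholder bytes, not a real certificate
ONE_CERT_MSG = (b"\x0b" + (6 + len(FAKE_DER)).to_bytes(3, "big")
                + (3 + len(FAKE_DER)).to_bytes(3, "big")
                + len(FAKE_DER).to_bytes(3, "big") + FAKE_DER)
```
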
