randomkoder opened a new issue, #485:
URL: https://github.com/apache/incubator-pekko-http/issues/485

   Hi,
   I am using mutual TLS (TLS v1.3) authentication with client certificates for one of my pekko http server routes and encounter occasional failures when using the Tls-Session-Info header.
   For some client connections it returns an invalid session value - Session(1707843603849|**SSL_NULL_WITH_NULL_NULL**) instead of Session(1707843600698|TLS_AES_256_GCM_SHA384), so client certificate details cannot be extracted for use in my application.
   
   Here is the simplified route that I am using for test purposes:
   ```
       val route =
         headerValueByType[`Tls-Session-Info`](`Tls-Session-Info`) { tlsInfo =>
           path("tls") {
             get {
               println(s"TLS info -${tlsInfo.toString}")
               // getPeerCertificates throws SSLPeerUnverifiedException when the peer is not authenticated
               complete(HttpEntity(ContentTypes.`text/html(UTF-8)`, s"Client certificate - ${tlsInfo.session.getPeerCertificates.head.toString}"))
             }
           }
         }
   ```
   Log entry for successful connections (200 Status code)
   ```
   18:13:54.582 [my-system-pekko.actor.default-dispatcher-13] DEBUG org.apache.pekko.io.TcpListener -- New connection accepted
   TLS info -Tls-Session-Info: Session(1707844434606|TLS_AES_256_GCM_SHA384)
   ```
   
   Log entry for failed connections (500 Status code)
   ```
   18:16:26.729 [my-system-pekko.actor.default-dispatcher-13] DEBUG org.apache.pekko.io.TcpListener -- New connection accepted
   TLS info -Tls-Session-Info: Session(1707844586732|SSL_NULL_WITH_NULL_NULL)
   18:16:26.868 [my-system-pekko.actor.default-dispatcher-19] ERROR org.apache.pekko.actor.ActorSystemImpl -- Error during processing of request: 'peer not authenticated'. Completing with 500 Internal Server Error response. To change default exception handling behavior, provide a custom ExceptionHandler.
   javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at java.base/sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:560)
   ```
   
   The Pekko http client is used as the client.
   
   Versions of software used:
   pekko-http - 1.0.1
   pekko-actor-typed - 1.0.2
   pekko-stream - 1.0.2
   scala - 2.13.12
   openjdk - 11.0.22
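
A route that fails closed when the session carries no authenticated peer, so the condition in the failing log above yields a 403 and a warning rather than an unhandled exception and a 500. This is an added example, not code from the issue or from the Pekko project; `ClientCertGuard`, `peerCertificate` and `withClientCertificate` are hypothetical names, the 403 status is an assumption, and it does not address why the session is occasionally `SSL_NULL_WITH_NULL_NULL`.

```scala
import java.security.cert.X509Certificate
import javax.net.ssl.{SSLPeerUnverifiedException, SSLSession}

import org.apache.pekko.http.scaladsl.model.StatusCodes
import org.apache.pekko.http.scaladsl.model.headers.`Tls-Session-Info`
import org.apache.pekko.http.scaladsl.server.Directives._
import org.apache.pekko.http.scaladsl.server.Route

// Hypothetical helper object; these names are not part of pekko-http.
object ClientCertGuard {
  // Cipher suite name seen in the failing log line of the report.
  private val NullSuite = "SSL_NULL_WITH_NULL_NULL"

  // Right(leaf certificate) only when the session actually authenticated a peer.
  def peerCertificate(session: SSLSession): Either[String, X509Certificate] =
    if (session.getCipherSuite == NullSuite)
      Left(s"no established TLS session (cipher suite ${session.getCipherSuite})")
    else try {
      session.getPeerCertificates.headOption match {
        case Some(cert: X509Certificate) => Right(cert)
        case _                           => Left("peer sent no X.509 certificate")
      }
    } catch {
      case _: SSLPeerUnverifiedException => Left("peer not authenticated")
    }

  // Runs `inner` with the client certificate, otherwise fails closed with 403.
  def withClientCertificate(inner: X509Certificate => Route): Route =
    optionalHeaderValueByType(`Tls-Session-Info`) {
      case Some(info) =>
        peerCertificate(info.session) match {
          case Right(cert) => inner(cert)
          case Left(reason) =>
            extractLog { log =>
              log.warning("Rejecting request without client identity: {}", reason)
              complete(StatusCodes.Forbidden -> "Client certificate required")
            }
        }
      case None => // header absent: no TLS session information for this request
        complete(StatusCodes.Forbidden -> "Client certificate required")
    }

  val route: Route =
    (path("tls") & get) {
      withClientCertificate { cert =>
        complete(s"Client certificate subject - ${cert.getSubjectX500Principal.getName}")
      }
    }
}
```

The warning line gives operators a countable signal for how often the null session occurs, which the bare 500 does not.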
   
   

