diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-09-12 11:35:04 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-09-12 11:35:04 +0200 |
commit | 0a8b550336d3e31e4f6c1e73d11554d406215b3e (patch) | |
tree | 240f1bee974921e2fafa29532a3c77fa6ce52c93 /jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java | |
parent | b741895853fec582fb45dee42b8c78057118d0b8 (diff) |
Improve error message when clients present an invalid certificate
Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java index 546741b3322..6ad38747091 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java @@ -34,7 +34,10 @@ class TlsClientAuthenticationEnforcer extends HandlerWrapper { if (isHttpsRequest(request) && !isRequestToWhitelistedBinding(servletRequest) && !isClientAuthenticated(servletRequest)) { - servletResponse.sendError(Response.Status.UNAUTHORIZED, "Client did not present a x509 certificate."); + servletResponse.sendError( + Response.Status.UNAUTHORIZED, + "Client did not present a x509 certificate, " + + "or presented a certificate not issued by any of the CA certificates in trust store."); } else { _handler.handle(target, request, servletRequest, servletResponse); } |