authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-09-12 11:35:04 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-09-12 11:35:04 +0200
commit0a8b550336d3e31e4f6c1e73d11554d406215b3e (patch)
tree240f1bee974921e2fafa29532a3c77fa6ce52c93 /jdisc_http_service
parentb741895853fec582fb45dee42b8c78057118d0b8 (diff)
Improve error message when clients present an invalid certificate
Diffstat (limited to 'jdisc_http_service')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java5
1 files changed, 4 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
index 546741b3322..6ad38747091 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
@@ -34,7 +34,10 @@ class TlsClientAuthenticationEnforcer extends HandlerWrapper {
if (isHttpsRequest(request)
&& !isRequestToWhitelistedBinding(servletRequest)
&& !isClientAuthenticated(servletRequest)) {
- servletResponse.sendError(Response.Status.UNAUTHORIZED, "Client did not present a x509 certificate.");
+ servletResponse.sendError(
+ Response.Status.UNAUTHORIZED,
+ "Client did not present a x509 certificate, " +
+ "or presented a certificate not issued by any of the CA certificates in trust store.");
} else {
_handler.handle(target, request, servletRequest, servletResponse);
}
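Review bot: The rejection branch around `servletResponse.sendError(...)` leaves no server-side trace that is visible in this hunk, so the longer message helps the caller but not an operator trying to tell a misconfigured client from repeated unauthenticated attempts. Consider recording the remote address and request path there with whatever logger the class already uses (none is visible here), since the check cannot say which of the two causes named in the message applied. The new text is also returned to unauthenticated callers; the trust-store detail looks low-risk, but the wording could be tightened to `"Client did not present an X.509 certificate, "`. The enclosing method starts and ends outside the hunk.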