summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java5
1 files changed, 4 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
index 546741b3322..6ad38747091 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java
@@ -34,7 +34,10 @@ class TlsClientAuthenticationEnforcer extends HandlerWrapper {
if (isHttpsRequest(request)
&& !isRequestToWhitelistedBinding(servletRequest)
&& !isClientAuthenticated(servletRequest)) {
- servletResponse.sendError(Response.Status.UNAUTHORIZED, "Client did not present a x509 certificate.");
+ servletResponse.sendError(
+ Response.Status.UNAUTHORIZED,
+ "Client did not present a x509 certificate, " +
+ "or presented a certificate not issued by any of the CA certificates in trust store.");
} else {
_handler.handle(target, request, servletRequest, servletResponse);
}