diff options
Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java index 546741b3322..6ad38747091 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/TlsClientAuthenticationEnforcer.java @@ -34,7 +34,10 @@ class TlsClientAuthenticationEnforcer extends HandlerWrapper { if (isHttpsRequest(request) && !isRequestToWhitelistedBinding(servletRequest) && !isClientAuthenticated(servletRequest)) { - servletResponse.sendError(Response.Status.UNAUTHORIZED, "Client did not present a x509 certificate."); + servletResponse.sendError( + Response.Status.UNAUTHORIZED, + "Client did not present a x509 certificate, " + + "or presented a certificate not issued by any of the CA certificates in trust store."); } else { _handler.handle(target, request, servletRequest, servletResponse); } |