You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The SSLContextGrpcAuthenticationReader reads the last certificate from the peer certificates array, however I believe the intent was probably to retrieve the peer certificate, not an intermediate certificate.
The Javadoc of javax.net.ssl.SSLSession#getPeerCertificates specifies that it returns:
an ordered array of peer certificates, with the peer's own certificate first followed by any certificate authorities.
If there are no intermediate CA then the array with have length 1, and there will be no difference in behavior. This is probably why this bug has not been reported before (I don't think).
The text was updated successfully, but these errors were encountered:
The
SSLContextGrpcAuthenticationReader
reads the last certificate from the peer certificates array, however I believe the intent was probably to retrieve the peer certificate, not an intermediate certificate.grpc-spring/grpc-server-spring-boot-starter/src/main/java/net/devh/boot/grpc/server/security/authentication/SSLContextGrpcAuthenticationReader.java
Line 56 in de71ce3
The Javadoc of
javax.net.ssl.SSLSession#getPeerCertificates
specifies that it returns:If there are no intermediate CA then the array with have length 1, and there will be no difference in behavior. This is probably why this bug has not been reported before (I don't think).
The text was updated successfully, but these errors were encountered: