Regression: Client certificates do not work in 9.4.15.v20190215+

[byteit101]

Using a client certificate set up, I get java.security.cert.CertificateException: No subject alternative names present and a terminated TLS handshake Description: Certificate Unknown (46) with jetty 9.4.15.v20190215 and 9.4.16.v20190411. Same client passes on 9.3.x and 9.4.9 - 9.4.14. (I didn't test pre 9.4.9)

I used the downloaded demo.jar by following https://www.eclipse.org/jetty/documentation/current/jetty-ssl-distribution.html#client-certificate-authentication with certificates generated from https://gist.github.com/jankronquist/6412839 and jetty.sslContext.needClientAuth=true

When I download 9.4.14 or earlier, following the documentation allows my client to connect successfully, whereas 9.4.15 and later give the aforementioned error.

[joakime]

Sounds like you hit #3454 and the associated bug detected after changes in #3480 was released.

[joakime]

Your SNI issue could also be related to #2896 or #2886

[joakime]

We've had reports that using endpointIdentificationAlgorithm=null works for people that are only using server side SSL (does not apply for jetty-client use for SSL on same server)

[sbordet]

@byteit101 please see this comment.

Set endpointIdentificationAlgorithm=null or better yet use SslContextFactory.Server instead of a plain SslContextFactory.