[gnutls-devel] GnuTLS | Client Authentication broken with Java 17.0.17+ (and recent versions of Java) (#1842)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Apr 17 00:31:04 CEST 2026
Romain Tartière commented: https://gitlab.com/gnutls/gnutls/-/work_items/1842#note_3259201612
> Use a GnuTLS client that rely on `gnutls_certificate_set_x509_key_file()` to setup client-side TLS key and certificate;
This seems important as I could workaround the issue in the library that use GnuTLS by replacing the call to this function with the corresponding code used by `gnutls-cli(1)` (dozens of lines):
https://git.madhouse-project.org/algernon/riemann-c-client/pulls/20/files (link to this workaround patch)
Another workaround consist in passing `GNUTLS_FORCE_CLIENT_CERT` to `gnutls_init(3)`:
https://git.madhouse-project.org/algernon/riemann-c-client/pulls/19/files (link to this workaround patch)
But the issue seems to be in GnuTLS itself as other TLS implementation work the same way with all versions of java (tested with GnuTLS, OpenSSL and WolfSSL).
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1842#note_3259201612
You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-03phxfxjv6wc1er4vxelqhi9g-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260416/596a06dc/attachment-0001.html>
More information about the Gnutls-devel
mailing list