I am writing a server which will optionally (depending on the client) require a client-side certificate. Clients that provide certs and clients that don't provide certs will need to connect to the server via the same server port.
So that I can support both types of clients on the SSLContext I will call “setWantClientAuth(true)”. After a client SSLSession is negotiated I want to go get the client certificate chain if it is available. The only way I see to get the client-certificate chain is via “sslSession.getPeerCertificates()” which unfortunately will throw an exception if the client did not provide a cert.
Is there any other way to determine if the client certificates were provided before calling getPeerCertificates so I can avoid the Exception for clients that don’t provide a cert?
Throwing an exception in this case is just part of the API contract of getPeerCertificates(). The traditional way to handle the absence of client authentication is simply to catch this exception. You can look at Apache Tomcat's JSSESupport implementation for example. (They catch Throwable in this version, whereas you might just want to catch SSLPeerUnverifiedException.)
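A worked version of the approach in the answer above, added here as an illustration (it is not code from the question, the answer, or Tomcat's JSSESupport): the server asks for but does not require a client certificate, and a small helper turns getPeerCertificates() into an Optional by treating SSLPeerUnverifiedException as "no client certificate". It assumes the JVM's default SSLContext has already been configured with a server key and a truststore for client certificates (for example through the javax.net.ssl.keyStore and javax.net.ssl.trustStore system properties); the class name and the port number are arbitrary. Note that the want/need setting lives on the SSLServerSocket (or SSLSocket/SSLEngine), not on the SSLContext itself, and that setWantClientAuth(true) must be the last of the two client-auth setters called, because a later setNeedClientAuth(false) would reset it.

```java
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

/**
 * Added example, not part of the original thread. Assumes the default
 * SSLContext already carries a server key and a truststore for client
 * certificates; "OptionalClientAuthServer" and port 8443 are arbitrary.
 */
public final class OptionalClientAuthServer {

    /**
     * Returns the client's verified X.509 chain if it presented one, or
     * Optional.empty() if the client did not authenticate. The only signal
     * JSSE gives for "no client cert" is SSLPeerUnverifiedException, so the
     * helper catches exactly that and lets anything else propagate.
     */
    static Optional<X509Certificate[]> clientChain(SSLSession session) {
        try {
            Certificate[] chain = session.getPeerCertificates();
            X509Certificate[] x509 = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) {
                    return Optional.empty(); // non-X.509 peer identity: treat as unauthenticated
                }
                x509[i] = (X509Certificate) chain[i];
            }
            return Optional.of(x509);
        } catch (SSLPeerUnverifiedException e) {
            // Normal path for a client that sent no certificate when the server
            // only "wants" one; the handshake itself has already succeeded.
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws IOException {
        int port = args.length > 0 ? Integer.parseInt(args[0]) : 8443;
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(port)) {
            // Request a client certificate but keep accepting clients without one.
            // Do NOT follow this with setNeedClientAuth(false): that call overrides
            // the want setting and switches client auth off entirely.
            server.setWantClientAuth(true);

            while (true) {
                try (SSLSocket client = (SSLSocket) server.accept()) {
                    // Force the handshake now so the session carries the peer's chain
                    // (otherwise it only happens lazily on the first read/write).
                    client.startHandshake();
                    SSLSession session = client.getSession();

                    Optional<X509Certificate[]> chain = clientChain(session);
                    if (chain.isPresent()) {
                        // The chain was already validated by the X509TrustManager; who this
                        // subject is allowed to do is still the application's decision.
                        System.out.println("Authenticated client: "
                                + chain.get()[0].getSubjectX500Principal());
                    } else {
                        System.out.println("Anonymous client from " + client.getInetAddress());
                    }
                } catch (IOException e) {
                    // A client that sends a certificate the trust manager rejects fails
                    // the handshake here rather than arriving as "anonymous".
                    System.err.println("Connection failed: " + e.getMessage());
                }
            }
        }
    }
}
```

The distinction the helper preserves matters for authorization logic: a client that sends no certificate lands in the Optional.empty() branch with a completed handshake, while a client that sends an untrusted certificate never reaches that code because JSSE aborts the handshake, so "empty" can safely be read as "chose not to authenticate" rather than "failed to authenticate".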