I work on a remote server that uses Netty to authenticate a client using TLS authentication through the Netty SSLHandler library. This S/O question gives a little background: Configure Netty using a two-way SSL connection (client and server certificate)
Now the question that I have about this system is that the server requires a TrustManager to initialize the SSLContext. From what I observe, the SunJSSE provider is used. After setting up this implementation, I got it to work with RSA client certificates. Now I am having problems using ECC client certificates because SunJSSE cannot recognize them (I think Java SE 7 includes SunEC as a provider, but SunEC is an implementation of SunJCE and not SunJSSE and therefore cannot be used as a TrustManager provider). So how can I continue? I heard that Bouncy Castle can recognize these certificates, but I still cannot create a TrustManager with BC as a provider.
Edit: Also, if there is no way to use TrustManagers, should I do the whole handshake using only the BouncyCastle API and not the Netty library? It is like that. This is my other S/O question that shows the stack trace: The ECC SSL client certificate contains an "unknown named curve"