Https issue with Safari.

[Potthof Tilman]

Hi,

I'm using plays https with a self-signed certificate and Keystore. When I test my application in different Browsers Firefox, Chrome and Opera behave like expected (ask if i want to trust my certificate), but in Safari (latest version) I'm first ask to trust the cerfiticate:

- Safari can't verify the identity of the website "localhost". ... 

(Options: "Show Certificate", "Cancle", "Continue")

Ok, than "Continue", but than Safari says:

- The website "localhost" requires a client certificate. This website requires a certificate to validate your identity. Select the certificate to use when you connect to this website, and then click Continue.

Shows me some of my own certificates like a "MobileMe Sharing Certificate" to choose from.

(Options again: "Show Certificate", "Cancle", "Continue")

Ok, may be "Continue". No, that one fails and than Safari tells me: "Safari can’t open the page “https://localhost:9443/” because Safari can’t establish a secure connection to the server “localhost”.

"Cancle" works and the page open normally. 

This behavior only occurs when you have more than one personal certificate (like MobileMe-Certificate, or an iPhone-Dev-Cert). With one certificate it fails without the connection fails without asking.

Is this a bug in play? Has someone else seen this behavior?

[Ro]

Correction, the problem also exists for Chrome on OSX, which also uses the Keychain.

Looks like netty requires that browsers send the client certificate by default. There's a patch to override this in Play for 1.3: http://play.lighthouseapp.com/projects/57987/tickets/908 as well as some client-side workarounds: http://support.apple.com/kb/HT1679

Any chance that this fix can be moved up to 1.2.3? It doesn't seem to be a very large change.

(Also posted here: https://groups.google.com/forum/#!topic/play-framework/qArQDlBkVAs )