Fix the mTLS failure when using certs and keys in HTTP2

ballerina/Ballerina.toml

@@ -1,7 +1,7 @@
 [package]
 org = "ballerina"
 name = "http"
-version = "2.10.1"
+version = "2.10.2"
 authors = ["Ballerina"]
 keywords = ["http", "network", "service", "listener", "client"]
 repository = "https://github.com/ballerina-platform/module-ballerina-http"
@@ -16,8 +16,8 @@ graalvmCompatible = true
 [[platform.java17.dependency]]
 groupId = "io.ballerina.stdlib"
 artifactId = "http-native"
-version = "2.10.1"
-path = "../native/build/libs/http-native-2.10.1.jar"
+version = "2.10.2"
+path = "../native/build/libs/http-native-2.10.2-SNAPSHOT.jar"
 
 [[platform.java17.dependency]]
 groupId = "io.ballerina.stdlib"

ballerina/CompilerPlugin.toml

@@ -3,4 +3,4 @@ id = "http-compiler-plugin"
 class = "io.ballerina.stdlib.http.compiler.HttpCompilerPlugin"
 
 [[dependency]]
-path = "../compiler-plugin/build/libs/http-compiler-plugin-2.10.1.jar"
+path = "../compiler-plugin/build/libs/http-compiler-plugin-2.10.2-SNAPSHOT.jar"

ballerina/Dependencies.toml

@@ -76,7 +76,7 @@ modules = [
 [[package]]
 org = "ballerina"
 name = "http"
-version = "2.10.1"
+version = "2.10.2"
 dependencies = [
 	{org = "ballerina", name = "auth"},
 	{org = "ballerina", name = "cache"},

changelog.md

@@ -5,6 +5,12 @@ This file contains all the notable changes done to the Ballerina HTTP package th
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to 
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.10.2] - 2023-10-09
+
+### Fixed
+
+- [Fix HTTP2 mTLS issue when certs and keys are provided](https://github.com/ballerina-platform/ballerina-standard-library/issues/4890)
+
 ## [2.10.1] - 2023-09-27
 
 ### Fixed

native/src/main/java/io/ballerina/stdlib/http/transport/contractimpl/common/ssl/SSLHandlerFactory.java

@@ -353,6 +353,9 @@ public SslContext createHttp2TLSContextForClient(boolean enableOcsp) throws SSLE
         } else {
             sslContextBuilder = clientContextBuilderWithCerts(provider);
         }
+        if (sslConfig.getClientKeyFile() != null) {
+            sslContextBuilder = clientContextBuilderWithCerts(provider);
+        }
         setCiphers(sslContextBuilder, ciphers);
         setSslProtocol(sslContextBuilder);
         setAlpnConfigs(sslContextBuilder);

native/src/test/java/io/ballerina/stdlib/http/transport/http2/ssl/Http2ALPNwithCertsTest.java → native/src/test/java/io/ballerina/stdlib/http/transport/http2/ssl/Http2AlpnWithCertsTest.java

@@ -38,13 +38,14 @@
 
 import static io.ballerina.stdlib.http.transport.contract.Constants.HTTPS_SCHEME;
 import static io.ballerina.stdlib.http.transport.contract.Constants.HTTP_2_0;
+import static io.ballerina.stdlib.http.transport.contract.Constants.REQUIRE;
 
 /**
- * Test ALPN protocol negotiation for HTTP2 with Certificates and keys.
+ * Test mTLS with certs and keys in HTTP2.
  */
-public class Http2ALPNwithCertsTest {
+public class Http2AlpnWithCertsTest {
 
-    private static final Logger LOG = LoggerFactory.getLogger(Http2ALPNwithCertsTest.class);
+    private static final Logger LOG = LoggerFactory.getLogger(Http2AlpnWithCertsTest.class);
     private ServerConnector serverConnector;
     private HttpClientConnector httpClientConnector;
     private HttpWsConnectorFactory connectorFactory;
@@ -64,7 +65,7 @@ public void setup() throws InterruptedException {
     }
 
     @Test
-    public void testHttp2ALPNwithCerts() {
+    public void testHttp2AlpnWithcerts() {
         TestUtil.testHttpsPost(httpClientConnector, TestUtil.SERVER_PORT1);
     }
 
@@ -77,12 +78,16 @@ private ListenerConfiguration getListenerConfigs() {
         listenerConfiguration.setSslHandshakeTimeOut(TestUtil.SSL_HANDSHAKE_TIMEOUT);
         listenerConfiguration.setServerKeyFile(TestUtil.getAbsolutePath(TestUtil.KEY_FILE));
         listenerConfiguration.setServerCertificates(TestUtil.getAbsolutePath(TestUtil.CERT_FILE));
+        listenerConfiguration.setVerifyClient(REQUIRE);
+        listenerConfiguration.setServerTrustCertificates(TestUtil.getAbsolutePath(TestUtil.CERT_FILE));
         return listenerConfiguration;
     }
 
     private SenderConfiguration getSenderConfigs() {
         SenderConfiguration senderConfiguration = new SenderConfiguration();
         senderConfiguration.setClientTrustCertificates(TestUtil.getAbsolutePath(TestUtil.CERT_FILE));
+        senderConfiguration.setClientKeyFile(TestUtil.getAbsolutePath(TestUtil.KEY_FILE));
+        senderConfiguration.setClientCertificates(TestUtil.getAbsolutePath(TestUtil.CERT_FILE));
         senderConfiguration.setHttpVersion(HTTP_2_0);
         senderConfiguration.setScheme(HTTPS_SCHEME);
         senderConfiguration.setSslSessionTimeOut(TestUtil.SSL_SESSION_TIMEOUT);

native/src/test/resources/testng.xml

@@ -174,7 +174,7 @@
             <class name="io.ballerina.stdlib.http.transport.https.CipherSuiteswithCertsTest"/>
             <class name="io.ballerina.stdlib.http.transport.https.OptionalMutualSSLTest"/>
             <class name="io.ballerina.stdlib.http.transport.https.SSLProtocolsWithCertsTest"/>
-            <class name="io.ballerina.stdlib.http.transport.http2.ssl.Http2ALPNwithCertsTest"/>
+            <class name="io.ballerina.stdlib.http.transport.http2.ssl.Http2AlpnWithCertsTest"/>
             <class name="io.ballerina.stdlib.http.transport.http2.ssl.TestHttp2WithALPN"/>
             <class name="io.ballerina.stdlib.http.transport.http2.ssl.Http2MutualSslTest"/>
             <class name="io.ballerina.stdlib.http.transport.http2.ssl.DisableSslTest"/>