
Jetty Mutual TLS auth not finding the client certificate

I have a client instance running on a Jetty server. I have my own CA certificate loaded and working on both the server and the client. When I send the certificate request during the handshake, I have to specify the full issuer DN for the client certificate, otherwise the client fails to find the needed certificate. But I want to use only the CN of the CA in the request.

If I send

*** CertificateRequest
Cert Types: ECDSA
Supported Signature Algorithms: SHA256withECDSA
Cert Authorities:
<C=IT, O=ORGNAME, OU=OUNAME, CN=TEST_CA>

The server sends the correct certificate and the authentication succeeds. However, I want to specify only the CN of the CA I want, i.e.

*** CertificateRequest
Cert Types: ECDSA
Supported Signature Algorithms: SHA256withECDSA
Cert Authorities:
<CN=TEST_CA>

Using the above request, the server fails to find a valid client cert, proceeds to send an empty cert chain, and the authentication fails.

After digging deeper into the TLS RFC 5246, the specification says you need to supply Distinguished Name(s), while I was trying to supply a Relative Distinguished Name (i.e. only one of the fields): DN vs RDN.

It seems that what I wanted to do is not possible according to the RFC. Hope it helps someone who comes across this.
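The DN-versus-RDN point above, as an added example (this is illustration code, not part of the original post or of Jetty): the certificate_authorities field of a TLS 1.2 CertificateRequest (RFC 5246 section 7.4.4) is a length-prefixed list of DER-encoded X.501 Names, and a client picks a certificate only when its issuer Name equals one of those entries as a whole. The snippet DER-encodes the CA DN from the post, packs it into that field, and runs a selection rule that matches on whole-Name equality, so the full DN finds the client certificate and the bare CN does not. The DER helpers, the name `choose_client_cert`, the certificate list and the byte-exact comparison are assumptions made for the example (real key managers canonicalize the Name before comparing, but still never match a subset of RDNs).

```python
"""Added example: DER-encode X.500 Names, pack them into a TLS 1.2
CertificateRequest certificate_authorities list, and apply the client-side
rule that a certificate qualifies only when its issuer Name equals one of
the requested DistinguishedNames. All names here are constructed."""
import struct

# Attribute type OIDs (id-at-countryName etc.) as DER content bytes.
OIDS = {"C": b"\x55\x04\x06", "O": b"\x55\x04\x0a",
        "OU": b"\x55\x04\x0b", "CN": b"\x55\x04\x03"}
OID_NAMES = {v: k for k, v in OIDS.items()}


def der_tlv(tag, body):
    """Wrap body in a DER tag/length/value triple (lengths up to 65535)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + struct.pack(">H", n)
    return bytes([tag]) + length + body


def read_tlv(buf, pos):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n


def encode_name(rdns):
    """X.501 Name: SEQUENCE OF RDN, each RDN a SET OF one AttributeTypeAndValue.
    rdns is ordered, e.g. [("C", "IT"), ("CN", "TEST_CA")]. Values are written
    as UTF8String (underscore is not a PrintableString character)."""
    out = b""
    for attr, value in rdns:
        atv = der_tlv(0x30, der_tlv(0x06, OIDS[attr]) + der_tlv(0x0C, value.encode("utf-8")))
        out += der_tlv(0x31, atv)
    return der_tlv(0x30, out)


def decode_name(der):
    """Render a DER Name as 'C=IT, O=ORGNAME, ...' (single-valued RDNs only)."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    parts, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)
        _, atv, _ = read_tlv(rdn, 0)
        _, oid, p = read_tlv(atv, 0)
        _, val, _ = read_tlv(atv, p)
        parts.append(f"{OID_NAMES.get(oid, oid.hex())}={val.decode('utf-8')}")
    return ", ".join(parts)


def encode_certificate_authorities(names):
    """TLS 1.2 certificate_authorities<0..2^16-1>: each entry is a
    2-byte-length-prefixed DER Name, the list itself 2-byte-length-prefixed."""
    body = b"".join(struct.pack(">H", len(n)) + n for n in names)
    return struct.pack(">H", len(body)) + body


def decode_certificate_authorities(buf):
    (total,) = struct.unpack(">H", buf[:2])
    pos, end, names = 2, 2 + total, []
    while pos < end:
        (n,) = struct.unpack(">H", buf[pos:pos + 2])
        pos += 2
        names.append(buf[pos:pos + n])
        pos += n
    return names


def choose_client_cert(certs, requested):
    """Assumed selection rule: a cert is acceptable only if its issuer Name
    equals one of the requested DistinguishedNames (whole Name, no RDN-subset
    matching). An empty list means any issuer is acceptable."""
    if not requested:
        return certs[0]["alias"] if certs else None
    wanted = set(requested)
    for cert in certs:
        if cert["issuer"] in wanted:
            return cert["alias"]
    return None


# Constructed data: the CA DN from the post and a client cert it issued.
FULL_CA_DN = encode_name([("C", "IT"), ("O", "ORGNAME"), ("OU", "OUNAME"), ("CN", "TEST_CA")])
CN_ONLY_DN = encode_name([("CN", "TEST_CA")])
CLIENT_CERTS = [{"alias": "client", "issuer": FULL_CA_DN}]


def demo():
    """Returns (alias chosen for the full-DN request, alias for the CN-only request)."""
    full = decode_certificate_authorities(encode_certificate_authorities([FULL_CA_DN]))
    cn_only = decode_certificate_authorities(encode_certificate_authorities([CN_ONLY_DN]))
    return choose_client_cert(CLIENT_CERTS, full), choose_client_cert(CLIENT_CERTS, cn_only)


if __name__ == "__main__":
    print("Full DN request ->", decode_name(FULL_CA_DN), "->", demo()[0])
    print("CN-only request ->", decode_name(CN_ONLY_DN), "->", demo()[1])
```

Running it prints `client` for the full-DN request and `None` for the CN-only one: the CN-only entry is a syntactically valid Name with a single RDN, so nothing rejects it on the wire, it simply never equals the issuer of any certificate the client holds, which is exactly the empty chain seen in the handshake.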
