Failed to use self-signed certificate on client. #3495

@FH0

Describe the bug

I want to use a self-signed certificate on the client instead of using QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION.

I tested with src/tools/sample/sample.c with two additional lines.
[image]

Starting server:

# ./bin/Release/quicsample -server -cert_file:tls.crt -key_file:tls.key
Press Enter to exit.

[conn][0x7ffb38012fe0] Shut down by transport, 0xbebc32b
[conn][0x7ffb38012fe0] All done
[conn][0x7ffb38012fe0] Connected
[strm][0x7ffb3802f2a0] Peer started
[strm][0x7ffb3802f2a0] Data received
[strm][0x7ffb3802f2a0] Peer shut down
[strm][0x7ffb3802f2a0] Sending data...
[strm][0x7ffb3802f2a0] Data sent
[strm][0x7ffb3802f2a0] All done
[conn][0x7ffb38012fe0] Successfully shut down on idle.
[conn][0x7ffb38012fe0] All done

Starting client. The result of the first run should be the same as the second because I added the certificate manually.

# ./bin/Release/quicsample -client -target:localhost
[conn][0x55c334058330] Connecting...
[conn][0x55c334058330] Shut down by transport, 0xbebc32b
[conn][0x55c334058330] All done

# ./bin/Release/quicsample -client -target:localhost -unsecure
[conn][0x5631d67ba330] Connecting...
[conn][0x5631d67ba330] Connected
[strm][0x7f66a8015270] Starting...
[strm][0x7f66a8015270] Sending data...
[strm][0x7f66a8015270] Data sent
[conn][0x5631d67ba330] Resumption ticket received (1198 bytes):
[strm][0x7f66a8015270] Data received
[strm][0x7f66a8015270] Peer shut down
[strm][0x7f66a8015270] All done
[conn][0x5631d67ba330] Successfully shut down on idle.
[conn][0x5631d67ba330] All done

tls.crt:

# openssl x509 -noout -text -in tls.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b7:c7:71:2a:27:e0:d4:cc:b5:43:b2:35:65:a6:bc
        Signature Algorithm: ecdsa-with-SHA256
        Issuer:
        Validity
            Not Before: Mar 10 21:16:49 2023 GMT
            Not After : Mar  9 21:16:49 2024 GMT
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:d0:57:9c:0f:15:9b:50:aa:78:d3:31:b1:ee:75:
                    cb:52:3e:b6:a6:ec:12:92:af:8a:66:3c:f7:9f:89:
                    d6:c1:2e:95:6e:a1:61:3c:32:33:09:b7:ef:e2:8b:
                    85:9c:c5:b4:86:0b:93:fb:df:cf:89:a5:cf:22:8b:
                    d3:1b:59:40:1d
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name: critical
                DNS:*.example.com, DNS:localhost
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:20:74:b2:fd:3a:3e:48:f1:0e:7d:c5:cd:2d:a9:8d:
         a6:5e:93:62:0c:8f:eb:14:c1:e1:8d:80:f9:48:72:1f:49:41:
         02:21:00:ae:9c:3e:85:2f:e0:3c:12:b6:ab:f9:e8:10:cb:af:
         fc:b2:78:92:1a:a9:94:23:81:b7:ad:72:85:d5:da:89:26

tls.crt.txt
tls.key.txt

Affected OS

  • Windows
  • Linux
  • macOS
  • Other (specify below)

Additional OS information

No response

MsQuic version

main

Steps taken to reproduce bug

.

Expected behavior

.

Actual outcome

.

Additional details

No response
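
An added example, not part of the original report or of MsQuic's code: a small decoder for the `Shut down by transport, 0x...` status seen in the logs above. It assumes a Linux/POSIX build, where MsQuic places TLS alerts at a fixed offset in its status space (base values restated from msquic_posix.h so the block builds without the MsQuic headers); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* MsQuic POSIX status layout, restated from msquic_posix.h (assumption:
 * POSIX build; Windows uses different status values). */
#define POSIX_ERROR_BASE 200000000u                /* 0xBEBC200 */
#define POSIX_TLS_BASE   (POSIX_ERROR_BASE + 256u) /* 0xBEBC300 */

/* TLS alert number carried by a status, or -1 if it is not a TLS alert. */
int tls_alert_from_status(uint32_t status)
{
    if (status < POSIX_TLS_BASE || status > POSIX_TLS_BASE + 0xffu)
        return -1;
    return (int)(status - POSIX_TLS_BASE);
}

/* Handshake and certificate alert names from RFC 8446, section 6. */
const char *tls_alert_name(int alert)
{
    switch (alert) {
    case 40:  return "handshake_failure";
    case 42:  return "bad_certificate";
    case 43:  return "unsupported_certificate";
    case 44:  return "certificate_revoked";
    case 45:  return "certificate_expired";
    case 46:  return "certificate_unknown";
    case 48:  return "unknown_ca";
    case 116: return "certificate_required";
    default:  return "other";
    }
}

/* Pulls the hex status out of a sample-tool log line and decodes it. */
int alert_from_log_line(const char *line)
{
    const char *marker = "Shut down by transport, ";
    const char *p = strstr(line, marker);
    char *end;
    if (p == NULL)
        return -1;
    p += strlen(marker);
    unsigned long v = strtoul(p, &end, 16); /* accepts the 0x prefix */
    if (end == p || v > UINT32_MAX)
        return -1;
    return tls_alert_from_status((uint32_t)v);
}

int main(void)
{
    /* Log line copied from the client output in this report. */
    int a = alert_from_log_line("[conn][0x55c334058330] Shut down by transport, 0xbebc32b");
    printf("alert %d (%s)\n", a, tls_alert_name(a));
    return 0;
}
```

For the status in this report the decoder yields TLS alert 43, `unsupported_certificate`.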
