Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require client provide certs if RequireClientAuth=true #192

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Require client provide certs if RequireClientAuth=true #192

wants to merge 1 commit into from

Conversation

jared2501
Copy link

No description provided.

@jared2501
Copy link
Author

Hey @bifurcation, before I look into the tests for this, does this look right? The issue I'm trying to fix is when a server requires client certificates, but the client doesn't send any, we let the TLS session establish when we shouldn't.

@marten-seemann
Copy link
Collaborator

The spec doesn’t require the client to send a certificate if the server requests one. I think the right way to deal with this is as the standard library does.

@jared2501
Copy link
Author

@marten-seemann - ah hmm, perhaps RequireClientAuth is a bit of a misnomre then? Also, when you say "as the standard library does", do you mean by allowing the client to set different levels from NoClientCert to RequireAndVerifyClientCert?

@marten-seemann
Copy link
Collaborator

Yes, that’s the option I meant.
In general, I think that the mint.Config should be as similar as possible to the tls.Config, as this makes using the library easier and more intuitive.

@jared2501 jared2501 mentioned this pull request May 19, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jared2501 @marten-seemann