Closed
Description
Curl calls neither SSL_CTX_set_post_handshake_auth() nor SSL_set_post_handshake_auth() to enable TLS 1.3's post-handshake authentication feature. TLS 1.3 no longer supports renegotiation, therefore PHA is required when the server requires TLS client cert auth depending on HTTP method and/or path. OpenSSL 1.1.1 changed PHA to opt-in.
I noticed the issue while I was working on PHA support for Python. I wanted to verify my implementation with curl...
Resources:
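An added example, not part of the original report and not curl's code: a TLS 1.3 client advertises PHA support with the post_handshake_auth extension (type 49 in RFC 8446) in its ClientHello, so the opt-in can be checked offline by generating a ClientHello in memory and listing its extensions. It uses Python's ssl module on top of OpenSSL; the function names and the host name example.test are constructed for this illustration.

```python
import ssl
import struct

POST_HANDSHAKE_AUTH = 49  # extension type from RFC 8446, section 4.2


def client_hello(pha_enabled):
    """Return the raw TLS records a client emits first (its ClientHello)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.post_handshake_auth = pha_enabled  # the opt-in; the default is False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "example.test" is a constructed name; nothing is sent over a network.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a ServerHello
    return outgoing.read()


def extension_types(records):
    """Parse ClientHello records and return the list of extension type codes."""
    payload, pos = b"", 0
    while pos + 5 <= len(records):  # reassemble handshake (type 22) records
        ctype, _version, length = struct.unpack_from("!BHH", records, pos)
        if ctype == 22:
            payload += records[pos + 5:pos + 5 + length]
        pos += 5 + length
    if len(payload) < 4 or payload[0] != 1:
        raise ValueError("no ClientHello found")
    body = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    pos = 2 + 32                                         # legacy_version, random
    pos += 1 + body[pos]                                 # legacy_session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + body[pos]                                 # compression methods
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    types = []
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        types.append(etype)
        pos += 4 + elen
    return types


def offers_pha(pha_enabled):
    """True if the generated ClientHello carries the post_handshake_auth extension."""
    return POST_HANDSHAKE_AUTH in extension_types(client_hello(pha_enabled))
```

The same extension check can be applied to a ClientHello captured from any client to confirm whether it opted in to PHA.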