Client auth server side #331
Main scenario is here but not all interactions are covered, see my comments.
-- Remember cert chain for later use. | ||
-- | ||
usingHState ctx $ setClientCertChain certs | ||
clientCertificate sparams ctx certs |
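Review bot: `setClientCertChain certs` records the chain in handshake state before `clientCertificate sparams ctx certs` runs, and the comment "Remember cert chain for later use" does not say whether later readers may treat the stored chain as accepted. If `clientCertificate` can reject the chain, either store it after that call returns or extend the comment to state that the value is recorded before the check and name the later step that consumes it.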
The FIXME comment just below should probably be part of the function too.
I'm now inactive since I'm on winter vacation. I will take care of this on 7th Jan.
31ee5e5 to d690792
Right. I have implemented this using Note that I dropped one commit and rebased this branch onto
A bit more complex than I anticipated regarding the transcript. I think it can be simplified further by just giving the previous transcript as argument to the actions.
But this is already quite clean and provides what we need, thanks!
Thank you for reviewing and merging!
Passing test cases of client auth and usage.
Interoperability with OpenSSL is confirmed:
NG:
% ./opensslwrap.sh s_client -cert=$SOMEWHERE/clientcert.pem -key=$SOMEWHERE/clientkey.pem 127.0.0.1:13443