Skip to content

quic: enable client certificate authentication support #40017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

quic: enable client certificate authentication support #40017

wants to merge 1 commit into from

Conversation

agrawroh
Copy link
Contributor

Description

This PR implements TLS client authentication (mTLS) support for QUIC connections, addressing the open TODO comment we have in QuicServerTransportSocketConfigFactory::createTransportSocketFactory().

We have modified the existing test to expect successful creation of transport socket factory with client authentication enabled and added new test cases to verify that the client certificate configuration is properly accepted and parsed.

This change aligns with RFC 9001 Section 4.4, which explicitly allows client authentication during the TLS handshake for QUIC connections.

Commit Message: quic: enable client certificate authentication support
Additional Description: Removed the TODOs and added support for TLS client authentication for QUIC.
Risk Level: Low
Testing: Unit tests and integration tests added
Docs Changes: Added
Release Notes: Added

@repokitteh-read-only RepoKitteh - Read Only
Copy link

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #40017 was opened by agrawroh.

see: more, trace.

@agrawroh agrawroh force-pushed the quic-client-cert-new-3 branch 6 times, most recently from 16d232f to 20ff065 Compare June 25, 2025 00:23
@agrawroh
quic: enable client certificate authentication support
739273e 
Signed-off-by: Rohit Agrawal <rohit.agrawal@databricks.com>
@agrawroh agrawroh force-pushed the quic-client-cert-new-3 branch from 20ff065 to 739273e Compare June 25, 2025 01:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RyanTheOptimist RyanTheOptimist Awaiting requested review from RyanTheOptimist RyanTheOptimist will be requested when the pull request is marked ready for review RyanTheOptimist is a code owner

@abeyad abeyad Awaiting requested review from abeyad abeyad will be requested when the pull request is marked ready for review abeyad is a code owner

@fredyw fredyw Awaiting requested review from fredyw fredyw will be requested when the pull request is marked ready for review fredyw is a code owner

@mathetake mathetake Awaiting requested review from mathetake mathetake will be requested when the pull request is marked ready for review mathetake is a code owner

@botengyao botengyao Awaiting requested review from botengyao botengyao will be requested when the pull request is marked ready for review botengyao is a code owner

@tyxia tyxia Awaiting requested review from tyxia tyxia will be requested when the pull request is marked ready for review tyxia is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@agrawroh