I opened this issue to track this problem:

https://github.com/openssl/openssl/issues/7384

Matt

On 11/10/18 10:25, Matt Caswell wrote:
>
>
> On 10/10/18 23:04, Dave Wang wrote:
>> Hi there,
>>
>> I have a client that can talk with a server, where the client certificate is
>> loaded in client_cert_cb based on matching the server side certificate.
>>
>> It works perfectly in openssl 1.1.0h; however, it stops working after I
>> upgrade to openssl 1.1.1.
>>
>> In client_cert_cb, when I call SSL_get_peer_certificate, it returns
>> NULL, which is different from openssl 1.1.0h.
>>
>> I do set SSL_VERIFY_PEER on both sides.
>>
>>
>> Any thoughts on this?
>
> I assume this only happens with a TLSv1.3 handshake?
>
> From the documentation, the client_cert_cb is called: "when a client
> certificate is requested by a server". In practice this means when we
> have received the CertificateRequest message from the server.
>
> In TLSv1.2 (and below) the server's first flight of messages for a
> client-auth full handshake in response to a ClientHello looks like this:
>
> ServerHello
> Certificate
> ServerKeyExchange
> CertificateRequest
> ServerHelloDone
>
> In TLSv1.3 it looks like this:
>
> ServerHello
> EncryptedExtensions
> CertificateRequest
> Certificate
> CertificateVerify
> Finished
>
> Note that in TLSv1.2 the CertificateRequest message comes *after* the
> server has sent the Certificate but in TLSv1.3 it comes *before*. That
> means of course that in TLSv1.3 the client_cert_cb gets called before we
> have processed the server's certificate and hence
> SSL_get_peer_certificate() returns NULL.
>
> I'm wondering whether we should delay calling the client_cert_cb in
> TLSv1.3 until after the CertificateVerify has been processed.
>
> Matt
>

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users