SSL_connect with TLS 1.3 and client Certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello all,

I am currently trying to build both client and server of an application
that uses TLS 1.3 and mutual authentication using certificates. The
application works so far - I can establish connections, certificates are
verified, data is successfully transmitted, etc.

However, I have an issue, or maybe two.

1. SSL_connect returns successfully before the client certificate is
sent from the client to the server. The client certificate is only sent
on the first SSL_write_ex with > 0 bytes, and as such, at this point the
server can generate SSL alerts like access denied, etc.

2. When trying to benchmark latency on the application, the first
roundtrip is extended by the client certificate verification.

Is there any way I can complete the handshake, and thus validate the
full connection, without sending data?

I must say that even after reading RFC8446 I am not sure if there is a
positive confirmation after the client certificate is sent, so I am not
sure if what I am asking for is even possible.

Best regards,
Chris



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux