Re: SSL_connect with TLS 1.3 and client Certificates


On 13/07/2021 19:44, Christian Schmidt wrote:
> Hello all,
>
> I am currently trying to build both client and server of an application
> that uses TLS 1.3 and mutual authentication using certificates. The
> application works so far - I can establish connections, certificates are
> verified, data is successfully transmitted, etc.
>
> However, I have an issue, or maybe two.
>
> 1. SSL_connect returns successfully before the client certificate is
> sent from the client to the server. The client certificate is only sent
> on the first SSL_write_ex with > 0 bytes, and as such, at this point the
> server can generate SSL alerts like access denied, etc.

TLSv1.3 supports two types of certificate request. It can occur during the initial handshake, or it can occur as a post-handshake request. It sounds like you are doing the latter, but you want the former. Is that correct?

What are you doing in your code to request the certificate from the client?

Matt


