Question about using Post Handshake Authentication (SSL_VERIFY_POST_HANDSHAKE) and SSL_get_peer_certificate

We have a service that uses TLS. Prior to SSL_VERIFY_POST_HANDSHAKE, we knew we would have a certificate after the handshake when using SSL_VERIFY_PEER:SSL_VERIFY_FAIL_IF_NO_PEER_CERT. We would call SSL_get_peer_certificate after the handshake completed and dump some information about the client certificate into our logs. After adding SSL_VERIFY_POST_HANDSHAKE to the mix, I’m trying to figure out when to check for the client certificate.

The options that I see are:

* Repeatedly call SSL_get_peer_certificate, or if OpenSSL 3.0 use SSL_get0_peer_certificate

* Implement a client certificate callback function

* Use SSL_get_state, but I’m not sure how to work out the states. It looks like either TLS_ST_SR_FINISHED/TLS_ST_SW_FINISHED are what I need to wait for

Any pointers on how to know when the client certificate has been received and processed?

Thanks,

Amul
