enforcing mutual auth from the client
Wall, Stephen
stephen.wall at redcom.com
Thu Sep 1 21:36:36 UTC 2022
Does OpenSSL 3.0 provide a way for client side software to verify that the server actually sent a request for the client’s certificate? As I recall, the only way to do this in 1.0.2 was to hook in a callback that examined every handshake message and set a flag if the client cert request was seen, then check that flag after handshake completion in the application. I hope there is something better available in 3.0…
Thanks
- Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220901/ad343b58/attachment.htm>
More information about the openssl-users
mailing list