enforcing mutual auth from the client

Wall, Stephen stephen.wall at redcom.com
Thu Sep 1 21:36:36 UTC 2022

Does OpenSSL 3.0 provide a way for client side software to verify that the server actually sent a request for the client’s certificate?  As I recall, the only way to do this in 1.0.2 was to hook in a callback that examined every handshake message and set a flag if the client cert request was seen, then check that flag after handshake completion in the application.  I hope there is something better available in 3.0…

- Steve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220901/ad343b58/attachment.htm>

More information about the openssl-users mailing list