
[TLS 1.3] Add post-handshake auth support

Open tiran opened this issue 7 years ago • 2 comments

TLS 1.3 introduced post-handshake authentication for TLS client certs. The feature is required for e.g. HTTP servers that require TLS client cert authentication depending on HTTP method and/or path.

  • https://bugs.python.org/issue34670
  • https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_post_handshake_auth.html

PyCA cryptography needs to expose:

  • int SSL_verify_client_post_handshake(SSL *ssl)
  • void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
  • void SSL_set_post_handshake_auth(SSL *ssl, int val)
  • SSL_VERIFY_POST_HANDSHAKE

tiran avatar Sep 21 '18 08:09 tiran

Does PyOpenSSL support post-handshake authentication yet? Having trouble getting TLSv1.3 working with a client certificate using requests_pkcs12 (see https://github.com/m-click/requests_pkcs12/issues/17).

Any hints would be helpful.

deajan avatar Jan 09 '20 10:01 deajan

Ahem... up? Please?

deajan avatar Feb 06 '20 15:02 deajan