janetls

Client TLS: add x509_crt

Open LeviSchuck opened this issue 4 years ago • 1 comments

mbedtls_ssl_* requires an x509 certificate chain object when verify is MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_REQUIRED.

mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );

For this to work, an x509 certificate chain object must be available with functionality such as

  • Load from PEM str
  • Load from DER str

Functionality such as the following is out of scope for this issue.

  • Verifying a certificate chain
  • Writing a certificate
  • Generating a certificate
  • Loading system certificates

LeviSchuck, Oct 10 '21 18:10

Done in b65ec4946145ab71ed717f6c1cb11914359796b2

Only going with DER string support for now. Loading functionality to be facilitated through a nicer API on the Janet side with PEM.

LeviSchuck, Oct 12 '21 03:10
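
As an added example (not code from janetls or Mbed TLS): a dependency-free C pre-check that tells apart the two encodings named in the issue before a buffer is handed to an X.509 parser. The function names are hypothetical; it inspects only the PEM marker and the outer DER header, and assumes, as mbedtls_x509_crt_parse documents, that PEM input is NUL-terminated with the terminator counted in the length.

```c
#include <stddef.h>
#include <string.h>

enum cert_format { CERT_INVALID = 0, CERT_DER, CERT_PEM };

/* Check that buf holds exactly one DER TLV whose tag is SEQUENCE (0x30),
 * with a definite, minimally encoded length covering the whole buffer. */
static int der_is_single_sequence(const unsigned char *buf, size_t len)
{
    size_t content_len, hdr = 2;

    if (buf == NULL || len < 2 || buf[0] != 0x30)
        return 0;
    if (buf[1] < 0x80) {
        content_len = buf[1];            /* short form */
    } else {
        size_t n = buf[1] & 0x7F, i;     /* long form: n length octets */
        if (n == 0 || n > 4 || len < 2 + n)
            return 0;                    /* indefinite or oversized length */
        if (buf[2] == 0)
            return 0;                    /* leading zero octet: not minimal */
        content_len = 0;
        for (i = 0; i < n; i++)
            content_len = (content_len << 8) | buf[2 + i];
        if (content_len < 0x80)
            return 0;                    /* short form was required */
        hdr += n;
    }
    return content_len == len - hdr;     /* no truncation, no trailing bytes */
}

/* Hypothetical helper: decide which loader a caller-supplied buffer needs. */
enum cert_format classify_cert(const unsigned char *buf, size_t len)
{
    static const char marker[] = "-----BEGIN CERTIFICATE-----";

    /* PEM is text: require the NUL terminator inside len before strstr. */
    if (buf != NULL && len > sizeof(marker) && buf[len - 1] == '\0' &&
        strstr((const char *)buf, marker) != NULL)
        return CERT_PEM;
    return der_is_single_sequence(buf, len) ? CERT_DER : CERT_INVALID;
}

int main(void)
{
    /* Constructed sample: SEQUENCE { INTEGER 5 }, not a real certificate. */
    static const unsigned char sample[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    return classify_cert(sample, sizeof(sample)) == CERT_DER ? 0 : 1;
}
```

A buffer that passes is only well-framed; parsing the certificate fields and verifying the chain remain the job of the X.509 library.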