Trantor works with mtls?

Open irineu opened this issue 2 years ago • 2 comments

Hi,

I'm running some tests with TLS connections and I would like to check the performance and verify whether this framework works with mutual TLS connections. If yes, is there any kind of example code?

I've checked the examples and class TcpClient::enableSSL without success.

Best regards, Irineu A.

irineu, May 12 '22 18:05

After looking at the source code

https://github.com/an-tao/trantor/blob/c1e57a06e2e825c937e12a25efe847f800547aeb/trantor/net/inner/TcpConnectionImpl.cc#L1966

there is no way for the server to check if the client sent a valid certificate and read the CA file (SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(caFile));). A param or method to enable the server to check the client SSL certificate would be very useful. Is there a way to add this functionality?

References

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_use_certificate.html

"If additional certificates are needed to complete the chain during the TLS negotiation, CA certificates are additionally looked up in the locations of trusted CA certificates, see SSL_CTX_load_verify_locations(3)."

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_CA_list.html

irineu, May 16 '22 22:05

Well, it's still not the final version, but I'm now using mTLS :D

https://github.com/an-tao/trantor/compare/master...irineu:master

irineu, May 17 '22 23:05