mint icon indicating copy to clipboard operation
mint copied to clipboard
verified publisher icon bifurcation

Require client provide certs if RequireClientAuth=true

Open jared2501 opened this issue 7 years ago • 4 comments

jared2501 avatar Apr 11 '18 05:04 jared2501

Hey @bifurcation, before I look into the tests for this, does this look right? The issue I'm trying to fix is when a server requires client certificates, but the client doesn't send any, we let the TLS session establish when we shouldn't.

jared2501 avatar Apr 11 '18 05:04 jared2501

The spec doesn’t require the client to send a certificate if the server requests one. I think the right way to deal with this is as the standard library does.

marten-seemann avatar Apr 11 '18 06:04 marten-seemann

@marten-seemann - ah hmm, perhaps RequireClientAuth is a bit of a misnomre then? Also, when you say "as the standard library does", do you mean by allowing the client to set different levels from NoClientCert to RequireAndVerifyClientCert?

jared2501 avatar Apr 11 '18 06:04 jared2501

Yes, that’s the option I meant. In general, I think that the mint.Config should be as similar as possible to the tls.Config, as this makes using the library easier and more intuitive.

marten-seemann avatar Apr 11 '18 06:04 marten-seemann