Missing TLS HandshakeType support (certificate_request)

Open richard-powers opened this issue 1 year ago • 2 comments

Zig Version

0.11.0

Steps to Reproduce and Observed Behavior

I found this issue when trying to connect to a postgres database which requires ssl. In std.crypto.tls.Client there is a switch statement over the HandshakeType, but certificate_request is unhandled, so I simply receive error.TlsUnexpectedMessage instead of being able to connect to my database.

In the TLS RFC: "A server which is authenticating with a certificate MAY optionally request a certificate from the client."

So it seems this must be supported in some cases, unless I'm mistaken?

Expected Behavior

HandshakeType.certificate_request to be supported, if it is indeed required for the protocol

richard-powers avatar Apr 03 '24 15:04 richard-powers
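For reference, the message the issue describes, as an added example that is not part of the original thread and not Zig standard-library code: a Python sketch that parses a decrypted TLS 1.3 CertificateRequest (RFC 8446, section 4.3.2) and builds the zero-entry Certificate reply that RFC 8446 section 4.4.2 requires from a client with no suitable certificate. It assumes TLS 1.3 framing and handshake plaintext that has already been decrypted; `SAMPLE` is a constructed message and all function names are hypothetical.

```python
import struct

CERTIFICATE = 11            # HandshakeType values from RFC 8446
CERTIFICATE_REQUEST = 13
SIGNATURE_ALGORITHMS = 13   # ExtensionType (same number, different registry)

class DecodeError(ValueError):
    pass

def take(buf, off, n):
    """Return (buf[off:off+n], new offset), refusing to read past the end."""
    if off + n > len(buf):
        raise DecodeError("truncated message")
    return buf[off:off + n], off + n

def parse_certificate_request(msg):
    """Parse one handshake message; return (request context, {ext_type: data})."""
    hdr, off = take(msg, 0, 4)
    if hdr[0] != CERTIFICATE_REQUEST:
        raise DecodeError(f"unexpected handshake type {hdr[0]}")
    if int.from_bytes(hdr[1:], "big") != len(msg) - 4:
        raise DecodeError("length field does not match message size")
    n, off = take(msg, off, 1)
    context, off = take(msg, off, n[0])
    n, off = take(msg, off, 2)
    end = off + int.from_bytes(n, "big")
    if end != len(msg):
        raise DecodeError("extensions length mismatch")
    exts = {}
    while off < end:
        h, off = take(msg, off, 4)
        ext_type, ext_len = struct.unpack("!HH", h)
        exts[ext_type], off = take(msg, off, ext_len)
    if SIGNATURE_ALGORITHMS not in exts:
        raise DecodeError("signature_algorithms extension is mandatory")
    return context, exts

def signature_schemes(exts):
    """Decode the SignatureScheme list the server is willing to verify."""
    data = exts[SIGNATURE_ALGORITHMS]
    if len(data) < 2 or int.from_bytes(data[:2], "big") != len(data) - 2 or len(data) % 2:
        raise DecodeError("bad signature_algorithms list")
    return [int.from_bytes(data[i:i + 2], "big") for i in range(2, len(data), 2)]

def empty_certificate(context):
    """Certificate message with a zero-length certificate_list, echoing the context."""
    body = bytes([len(context)]) + context + (0).to_bytes(3, "big")
    return bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body

# Constructed sample: empty context, one signature_algorithms extension
# offering ecdsa_secp256r1_sha256 (0x0403) and rsa_pss_rsae_sha256 (0x0804).
SAMPLE = bytes.fromhex("0d00000d" "00" "000a" "000d0006" "000404030804")
```

The reply from `empty_certificate` goes in the client's second flight before Finished; whether the server then accepts an unauthenticated client is the server's policy decision.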

Yes, the TLS Client should add an option for a Certificate to respond to these messages. This isn't required for HTTPS, which is what the client is currently designed for.

I think this is blocked on #14171. After it lands, this feature should be added to both the TLS client and the TLS server and tested.

clickingbuttons avatar Apr 04 '24 04:04 clickingbuttons

Chiming in here that this is a blocker for me in an IRC client application. Several IRC servers fail TLS handshakes because of this.

rockorager avatar May 08 '24 22:05 rockorager

Just wanted to note that some HTTPS endpoints such as the Kubernetes API Server may do a certificate_request during the handshake.

VaskoBozhurski avatar Jun 20 '24 10:06 VaskoBozhurski