bug#47321: 27.1; gnutls.c does not handle TLS rehandshake from server

[Jan Ypma]

Unfortunately, I don't have access to the related Azure 
infrastructure directly. And, with this being a closed-source 3rd 
party cloud service, they could have upgraded/changed their server 
behavior and nobody would know :).

I suggest we leave the discussion open, perhaps others on Azure 
that /are/ able to use GnuTLS could chime in. 

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Jan Ypma <jan@ypmania.nl> writes:
>
> > I'm using gnutls with a client x509 certificate to talk to an 
> > https
> > server. The server is a Microsoft "Azure API Management" 
> > instance,
> > which has a particular way of handling client certificates. It 
> > accepts
> > an initial handshake without requesting a certificate. It then 
> > awaits
> > the http "Host: " header. Only after that, it requests a 
> > rehandshake
> > on the TLS layer, expecting the client to send a certificate.
>
> (I'm going through old bug reports that unfortunately weren't 
> resolved
> at the time.)
>
> Would it be possible to create a complete test case for this, by 
> any
> chance?  Without a test case, it's difficult to start fixing 
> this issue,
> but I realise that it may be difficult to set one up, since it 
> requires
> certificates etc...