[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Pha support for tls1.3
|
From: |
Tim Rühsen |
|
Subject: |
Re: [Bug-wget] Pha support for tls1.3 |
|
Date: |
Sat, 23 Mar 2019 18:04:12 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 |
Thank you Daniel and Diresh.
I don't think we should send the post handshake extension in case no
client certificate is given.
The OpenSSL documentation is pretty silent about what happens when a
server requests a post handshake. What I found is that some kind of
callback function is mentioned, but I didn't find an example on a quick
glance.
I add Ander Juaristi, since he promised to maintain the OpenSSL code of
Wget until the end of his life, hehe ;-)
Regards, Tim
On 23.03.19 10:20, address@hidden wrote:
> Hello all,
>
> A re-work was done on the patch as Daniel suggested.
>
> Please find the updated gist in the link below:
> https://gist.github.com/AviSoomirtee/22c1b698c796177d836323ef506665a5
>
> Could you provide a feedback about the change.
> Thanks.
>
> Regards,
> Diresh Soomirtee.
>
> On Friday, March 22, 2019 22:23 CET, Daniel Stenberg <address@hidden> wrote:
>
>> On Fri, 22 Mar 2019, Tim Rühsen wrote:
>>
>> > Are you sure that '#ifdef SSL_CTX_set_post_handshake_auth' works ?
>> Here with
>> > OpenSSL 1.1.1b it seems that 'SSL_CTX_set_post_handshake_auth' is a
>> function
>> > and not a #define.
>>
>> In curl we use this #ifdef magic for figuring out if the function is
>> present:
>>
>> #if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && \
>> !defined(LIBRESSL_VERSION_NUMBER) && \
>> !defined(OPENSSL_IS_BORINGSSL))
>> #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
>> #endif
>>
>> --
>>
>> / daniel.haxx.se
>
>
>
>
signature.asc
Description: OpenPGP digital signature