Thank you Daniel and Diresh.
I don't think we should send the post handshake extension in case no
client certificate is given.
The OpenSSL documentation is pretty silent about what happens when a
server requests a post handshake. What I found is that some kind of
callback function is mentioned, but I didn't find an example on a quick
glance.
I add Ander Juaristi, since he promised to maintain the OpenSSL code of
Wget until the end of his life, hehe ;-)
Regards, Tim
On 23.03.19 10:20, address@hidden wrote:
Hello all,
A re-work was done on the patch as Daniel suggested.
Please find the updated gist in the link below:
https://gist.github.com/AviSoomirtee/22c1b698c796177d836323ef506665a5
Could you provide a feedback about the change.
Thanks.
Regards,
Diresh Soomirtee.
On Friday, March 22, 2019 22:23 CET, Daniel Stenberg <address@hidden> wrote:
On Fri, 22 Mar 2019, Tim Rühsen wrote:
Are you sure that '#ifdef SSL_CTX_set_post_handshake_auth' works ?
Here with
OpenSSL 1.1.1b it seems that 'SSL_CTX_set_post_handshake_auth' is a
function
and not a #define.
In curl we use this #ifdef magic for figuring out if the function is
present:
#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && \
!defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_IS_BORINGSSL))
#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
#endif
--
/ daniel.haxx.se