Support client certificates with TLS 1.3

Enable post-handshake authentication with OpenSSL 1.1.1 Fixes #237
ruby · Jan 21, 2019 · 7348165 · 7348165
1 parent 18ec883
commit 7348165
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
@@ -165,6 +165,7 @@ def find_openssl_library
 have_func("X509_get0_notBefore")
 have_func("SSL_SESSION_get_protocol_version")
 have_func("EVP_PBE_scrypt")
+have_func("SSL_CTX_set_post_handshake_auth")
 
 Logging::message "=== Checking done. ===\n"
 

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
@@ -810,6 +810,10 @@ ossl_sslctx_setup(VALUE self)
  }
 #endif /* OPENSSL_NO_EC */
 
+#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+ SSL_CTX_set_post_handshake_auth(ctx, 1);
+#endif
+
  val = rb_attr_get(self, id_i_cert_store);
  if (!NIL_P(val)) {
  X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */