Thank you Daniel and Diresh. I don't think we should send the post handshake extension in case no client certificate is given.
The OpenSSL documentation is pretty silent about what happens when a server requests a post handshake. What I found is that some kind of callback function is mentioned, but I didn't find an example on a quick glance. I add Ander Juaristi, since he promised to maintain the OpenSSL code of Wget until the end of his life, hehe ;-) Regards, Tim On 23.03.19 10:20, [email protected] wrote: > Hello all, > > A re-work was done on the patch as Daniel suggested. > > Please find the updated gist in the link below: > https://gist.github.com/AviSoomirtee/22c1b698c796177d836323ef506665a5 > > Could you provide a feedback about the change. > Thanks. > > Regards, > Diresh Soomirtee. > > On Friday, March 22, 2019 22:23 CET, Daniel Stenberg <[email protected]> wrote: > >> On Fri, 22 Mar 2019, Tim Rühsen wrote: >> >> > Are you sure that '#ifdef SSL_CTX_set_post_handshake_auth' works ? >> Here with >> > OpenSSL 1.1.1b it seems that 'SSL_CTX_set_post_handshake_auth' is a >> function >> > and not a #define. >> >> In curl we use this #ifdef magic for figuring out if the function is >> present: >> >> #if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && \ >> !defined(LIBRESSL_VERSION_NUMBER) && \ >> !defined(OPENSSL_IS_BORINGSSL)) >> #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH >> #endif >> >> -- >> >> / daniel.haxx.se > > > >
signature.asc
Description: OpenPGP digital signature
