Focal's curl 7.68.0-1ubuntu2.6 now supports post-handshake client authentication.

    curl \
      --tls-max 1.2 \
      --cacert ~/.koji/pki/koji-ca.crt \
      --cert ~/koji-ansible/koji-tools/admin.crt \
      --key ~/koji-ansible/koji-tools/admin.key \
      https://localhost/kojihub/ssllogin

However, python-requests on Focal or Groovy still cannot do post-handshake client auth with the default SSLProtocol setting.

Sample Python script:

    import requests
    r = requests.get('https://localhost/kojihub/ssllogin',
                     verify='.koji/pki/koji-ca.crt',
                     cert=('koji-ansible/koji-tools/admin.crt',
                           'koji-ansible/koji-tools/admin.key'))
    r.raise_for_status()

The Apache error logs say:

    [ssl:error] AH10158: cannot perform post-handshake authentication
    [ssl:error] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received

Applying https://github.com/psf/requests/commit/db47b9b4a0c5877fb97f64ac442757604c4c45cc or updating to hirsute's python3-requests_2.25.1+dfsg-2 does work.

-- 
https://bugs.launchpad.net/bugs/1865900

Title:
  apache 2.4.29-1ubuntu4.12 authentication with client certificate broken
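
The "extension not received" error in the Apache log above means the client's ClientHello did not carry the TLS 1.3 post_handshake_auth extension. The following is an added example, not part of the bug report: a standard-library check that captures the ClientHello a Python client context would emit and reports whether that extension is present. It assumes Python 3.8+ built against OpenSSL 1.1.1 or later; the function names are illustrative.

```python
import ssl

PHA_EXT = 49  # post_handshake_auth extension type, RFC 8446 section 4.2.6

def client_hello_extensions(ctx):
    """Return the extension types in the ClientHello that ctx would send."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="localhost")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued and no server answers
    data, hs, pos = outgoing.read(), b"", 0
    # Reassemble handshake bytes from the TLS records (type, version, length).
    while pos + 5 <= len(data):
        length = int.from_bytes(data[pos + 3:pos + 5], "big")
        if data[pos] == 22:  # handshake record
            hs += data[pos + 5:pos + 5 + length]
        pos += 5 + length
    if not hs or hs[0] != 1:
        raise ValueError("no ClientHello captured")
    p = 4 + 2 + 32                               # msg header, version, random
    p += 1 + hs[p]                               # legacy_session_id
    p += 2 + int.from_bytes(hs[p:p + 2], "big")  # cipher_suites
    p += 1 + hs[p]                               # compression_methods
    end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
    p += 2
    found = set()
    while p + 4 <= end:  # each extension: type (2), length (2), body
        found.add(int.from_bytes(hs[p:p + 2], "big"))
        p += 4 + int.from_bytes(hs[p + 2:p + 4], "big")
    return found

def offers_pha(enable, max_version=None):
    """True if a client context with these settings advertises PHA."""
    ctx = ssl.create_default_context()
    ctx.post_handshake_auth = enable
    if max_version is not None:
        ctx.maximum_version = max_version
    return PHA_EXT in client_hello_extensions(ctx)

if __name__ == "__main__":
    print("default context:       ", offers_pha(False))
    print("post_handshake_auth on:", offers_pha(True))
    print("on, capped at TLS 1.2: ", offers_pha(True, ssl.TLSVersion.TLSv1_2))
```

No network access or certificates are needed, because the handshake stops after the first client flight is written to the in-memory BIO.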
