Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: document s2n_cert_auth_type behavior #4454

Merged
merged 11 commits into from
Jun 3, 2024
Merged

docs: document s2n_cert_auth_type behavior #4454

merged 11 commits into from
Jun 3, 2024

Conversation

toidiu
Copy link
Contributor

@toidiu toidiu commented Mar 9, 2024
edited
Loading

Description of changes:

s2n-tls has a concept of s2n_cert_auth_type which controls handshake behavior depending on the type of connection (server vs client). This behavior is complex and undocumented. This PR attempts to document the behavior.

Callout:

The default behavior was recently changed in #4390

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@toidiu toidiu requested a review from lrstewart March 9, 2024 07:16
@github-actions github-actions bot added the s2n-core team label Mar 9, 2024
@toidiu
Copy link
Contributor Author

toidiu commented Apr 3, 2024

offline comments:

@toidiu toidiu requested a review from maddeleine May 1, 2024 18:47
maddeleine
maddeleine reviewed May 1, 2024
View reviewed changes
@toidiu toidiu force-pushed the ak-docsAuthType branch from 7b4f675 to baa587e Compare May 28, 2024 21:26
@toidiu toidiu requested a review from maddeleine May 28, 2024 21:28
maddeleine
maddeleine reviewed May 28, 2024
View reviewed changes
maddeleine
maddeleine reviewed May 28, 2024
View reviewed changes
toidiu
toidiu commented May 29, 2024
View reviewed changes
api/s2n.h Outdated
Comment on lines 2302 to 2303
* - Optional: request the client's certificate and validate if it's non-empty. Abort the
* handshake if the client doesn't send its certificate (can be empty).
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dont love the "(can be empty)" and technically its redundant since i mention non-empty. Thoughts on if we should keep it or re-word it?

goatgoose
goatgoose reviewed May 30, 2024
View reviewed changes
@toidiu toidiu force-pushed the ak-docsAuthType branch from f694cd6 to b230d71 Compare May 31, 2024 07:10
@toidiu toidiu enabled auto-merge (squash) May 31, 2024 17:02
goatgoose
goatgoose approved these changes May 31, 2024
View reviewed changes
api/s2n.h Outdated
* - Optional: Request the client's certificate and validate it. If no certificate is received then
* no validation is performed.
* - Required: Request the client's certificate and validate it. Abort the handshake if a client
* certificate is not received.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the spacing here is still inconsistent. I would either remove all of the newline indenting or fix this one.

Suggested change
* certificate is not received.
* certificate is not received.

@toidiu toidiu merged commit 3c9a802 into aws:main Jun 3, 2024
33 checks passed
@toidiu toidiu deleted the ak-docsAuthType branch July 11, 2024 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goatgoose goatgoose goatgoose approved these changes

@maddeleine maddeleine maddeleine approved these changes

@lrstewart lrstewart Awaiting requested review from lrstewart

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@toidiu @goatgoose @maddeleine