Support TLS Resume with client certificates on Linux #94561
Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones
Triage: not critical for 9.0, putting into Future for now.
From #94080 (comment)
Mutual authentication should already be fully supported on Windows, but we currently don't support it on Linux (and not at all on macOS).
runtime/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs
Lines 305 to 319 in 58e0349
This will need some more thinking and testing, specifically against cases where we unintentionally restore a session with the wrong certificate. When we only have one identity for any given server, it is pretty simple. But if we have multiple services running on different ports (SslStream does not have access to the EndPoint) or if we want to maintain multiple identities to the same service, things do get more tricky.
However, cases where only 1 client certificate is provided (whether via ClientCertificates collection, or CertificateContext, or perhaps even the certificate selection callback) may be simple and safe to implement.
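The cache-keying concern described above, as an added example that is not code from dotnet/runtime or from the issue author: a client session cache that keys on the client identity as well as the host and declines to resume when more than one certificate could be presented. `TlsSession`, `ClientSessionCache`, the host name and the thumbprint strings are all hypothetical, constructed for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Hypothetical stand-in for a native session handle; it records which client
// certificate (if any) authenticated the handshake that created the session.
sealed record TlsSession(string Host, string? ClientCertThumbprint);

// Hypothetical cache, not the runtime's. Keyed on (host, client cert thumbprint).
// The port is not part of the key because, as the issue notes, SslStream has no
// EndPoint; two services on one host therefore still share a key in this model.
sealed class ClientSessionCache
{
    private readonly Dictionary<(string Host, string? Thumbprint), TlsSession> _sessions = new();

    // candidateThumbprints: every certificate the caller might present.
    // Resumption is attempted only when the identity is unambiguous (0 or 1).
    public TlsSession? TryGet(string host, IReadOnlyList<string> candidateThumbprints)
    {
        if (candidateThumbprints.Count > 1)
            return null; // several possible identities: force a full handshake

        string? thumbprint = candidateThumbprints.Count == 1 ? candidateThumbprints[0] : null;
        return _sessions.TryGetValue((Normalize(host), thumbprint), out var session) ? session : null;
    }

    public void Add(TlsSession session) =>
        _sessions[(Normalize(session.Host), session.ClientCertThumbprint)] = session;

    private static string Normalize(string host) => host.ToLowerInvariant();
}

static class Demo
{
    static void Main()
    {
        // Constructed sample values, not real certificate thumbprints.
        const string certA = "AAAA-constructed", certB = "BBBB-constructed";
        var cache = new ClientSessionCache();
        cache.Add(new TlsSession("api.example.test", certA));

        Console.WriteLine(cache.TryGet("api.example.test", new[] { certA }) is not null);        // same identity
        Console.WriteLine(cache.TryGet("api.example.test", new[] { certB }) is not null);        // different identity
        Console.WriteLine(cache.TryGet("api.example.test", new[] { certA, certB }) is not null); // ambiguous identity
        Console.WriteLine(cache.TryGet("api.example.test", Array.Empty<string>()) is not null);  // no client certificate
    }
}
```

Only the first lookup finds a session to resume; a cache keyed on the host alone would have handed the `certA` session to all four callers.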