Merge pull request #239 from mkauf/post_handshake_auth

Support client certificates with TLS 1.3
author: Samuel Williams <samuel.williams@oriontransfer.co.nz> 2019-06-15 10:24:42 +1200
committer: GitHub <noreply@github.com> 2019-06-15 10:24:42 +1200
commit: 4b43ffc1292eeb70ff886847836e21ad96ed8796 (patch)
tree: 88c78d3a503df5bcec28f76303faf62015169011
parent: e11fa66e75696b159572135b997548eee67f7aac (diff)
parent: 7348165c5024771af1758fdb1bfc222e9277f4bb (diff)
download: ruby-openssl-4b43ffc1292eeb70ff886847836e21ad96ed8796.tar.gz
2 files changed, 5 insertions, 0 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index d86e1301..076e2879 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -166,6 +166,7 @@ have_func("SSL_CTX_get_security_level")
 have_func("X509_get0_notBefore")
 have_func("SSL_SESSION_get_protocol_version")
 have_func("EVP_PBE_scrypt")
+have_func("SSL_CTX_set_post_handshake_auth")
 
 Logging::message "=== Checking done. ===\n"
 
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index df2304e4..ec49587a 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -810,6 +810,10 @@ ossl_sslctx_setup(VALUE self)
     }
 #endif /* OPENSSL_NO_EC */
 
+#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+    SSL_CTX_set_post_handshake_auth(ctx, 1);
+#endif
+
     val = rb_attr_get(self, id_i_cert_store);
     if (!NIL_P(val)) {
 	X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */
author	Samuel Williams <samuel.williams@oriontransfer.co.nz>	2019-06-15 10:24:42 +1200
committer	GitHub <noreply@github.com>	2019-06-15 10:24:42 +1200
commit	4b43ffc1292eeb70ff886847836e21ad96ed8796 (patch)
tree	88c78d3a503df5bcec28f76303faf62015169011
parent	e11fa66e75696b159572135b997548eee67f7aac (diff)
parent	7348165c5024771af1758fdb1bfc222e9277f4bb (diff)
download	ruby-openssl-4b43ffc1292eeb70ff886847836e21ad96ed8796.tar.gz