Support client certificates with TLS 1.3

Enable post-handshake authentication with OpenSSL 1.1.1 Fixes #237
author: Michael Kaufmann <mail@michael-kaufmann.ch> 2019-01-21 15:58:54 +0100
committer: Michael Kaufmann <mail@michael-kaufmann.ch> 2019-01-21 16:06:38 +0100
commit: 7348165c5024771af1758fdb1bfc222e9277f4bb (patch)
tree: ae9d4340f21c4c3ce28b192aac015cfb3ef8bb72 /ext/openssl/ossl_ssl.c
parent: 18ec883d6daaedbf32c66ca4ae6e41b66d0eeca4 (diff)
download: ruby-openssl-7348165c5024771af1758fdb1bfc222e9277f4bb.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 7996f227..8a8d8e4b 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -810,6 +810,10 @@ ossl_sslctx_setup(VALUE self)
     }
 #endif /* OPENSSL_NO_EC */
 
+#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+    SSL_CTX_set_post_handshake_auth(ctx, 1);
+#endif
+
     val = rb_attr_get(self, id_i_cert_store);
     if (!NIL_P(val)) {
 	X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */
author	Michael Kaufmann <mail@michael-kaufmann.ch>	2019-01-21 15:58:54 +0100
committer	Michael Kaufmann <mail@michael-kaufmann.ch>	2019-01-21 16:06:38 +0100
commit	7348165c5024771af1758fdb1bfc222e9277f4bb (patch)
tree	ae9d4340f21c4c3ce28b192aac015cfb3ef8bb72 /ext/openssl/ossl_ssl.c
parent	18ec883d6daaedbf32c66ca4ae6e41b66d0eeca4 (diff)
download	ruby-openssl-7348165c5024771af1758fdb1bfc222e9277f4bb.tar.gz