From 7348165c5024771af1758fdb1bfc222e9277f4bb Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <mail@michael-kaufmann.ch>
Date: Mon, 21 Jan 2019 15:58:54 +0100
Subject: Support client certificates with TLS 1.3

Enable post-handshake authentication with OpenSSL 1.1.1

Fixes #237
---
 ext/openssl/ossl_ssl.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'ext/openssl/ossl_ssl.c')

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 7996f227..8a8d8e4b 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -810,6 +810,10 @@ ossl_sslctx_setup(VALUE self)
     }
 #endif /* OPENSSL_NO_EC */
 
+#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
+    SSL_CTX_set_post_handshake_auth(ctx, 1);
+#endif
+
     val = rb_attr_get(self, id_i_cert_store);
     if (!NIL_P(val)) {
 	X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */
-- 
cgit v1.2.3