Am 12.10.2018 um 14:40 schrieb Rainer Jung:
Am 12.10.2018 um 14:02 schrieb Mark Thomas:
On 12/10/18 12:11, Rainer Jung wrote:
Am 10.10.2018 um 23:54 schrieb Mark Thomas:
On 10/10/18 22:49, ma...@apache.org wrote:
Author: markt
Date: Wed Oct 10 21:49:55 2018
New Revision: 1843514
URL: http://svn.apache.org/viewvc?rev=1843514&view=rev
Log:
Implement TLS 1.3 support for CLIENT-CERT when the APR/native
connector is not configured with certificateVerification="required"
(i.e. the equivalent of server initiated renegotiation to obtain a
client cert)
Modified:
tomcat/native/trunk/native/include/ssl_private.h
tomcat/native/trunk/native/src/sslnetwork.c
There is a large amount of duplication in this commit for the above
file. A C programmer with more skill than me can probably find a simple
way to reduce it.
I hope I have done it without breaking it in r1843645 and r1843651. It
compiles with OpenSSL 1.0.2, 1.1.0 and 1.1.1 and the refactoring isn't
very complex. Do you have an efficient way of testing whether I broke
reneg or PHA?
Thanks for cleaning up after me. Much appreciated.
I've tested TLS 1.2 and TLS 1.3 with APR/native and NIO+OpenSSL and
reneg and PHA both work as expected.
Many thanks,
Thanks for doing the hard part of it :)
Sorry, I forgot: of course big thanks to Chris and our community testers
as well!
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org