Hi Is there a means for the client to obtain the certificate bytes from the TLS negotiation that was sent by the server ? The reason I ask, to avoid a replay security scenario the idea is for the client to hash this and send it back with requests. I honestly don't know the details of this but just trying to figure out if it can even be done. I don't think that even converting a Java Certificate or X509 Certificate back to bytes works because I don't think it would guarantee idempotance. The closest I've seen sslContext.sessionContext().getIds() use one of those ids -> sslContext.sessionContext().getSession(id) which has an SSLSession where there are methods to get Certificates but as noted I don't think that's adequate.
-- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/45b2cbd8-f3b8-46a3-95bb-f22a39e2d401%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
