On 2/20/2018 9:34 AM, J Decker wrote:
> Client does a verification and passes or fails, and via the SSL layer
> I can query if the client validated the certificate.
> If it failed, provide an option for the client to get a renewed
> certificate for verification. If success, no action.
> If an
No, you cannot query the SSL layer to know if the client validated the
certificate. SSL/TLS don't provide any means of querying the remote
side.
Here's how the workflow works:
1) client doesn't trust certificate, doesn't override distrust:
connection closes with fatal unknown_ca or
On 02/20/2018 06:34 PM, J Decker wrote:
> Yes that is true however here's the scenario.
> Client does a verification and passes or fails, and via the SSL layer I can
> query if the client validated the certificate.
> If it failed, provide an option for the client to get a
On Tue, Feb 13, 2018 at 9:33 AM, Emmanuel Deloget wrote:
> Hello,
>
> On Tue, Feb 13, 2018 at 7:14 AM, Kyle Hamilton wrote:
>
> > The only thing that the server can know is whether the client has
> > terminated the connection with a fatal alert. If the
The only thing that the server can know is whether the client has
terminated the connection with a fatal alert. If the client validates
presented cert chains, then its continuation with the connection means
that it passed validation. If the client does not, or ignores any
given error, then it