Message327932
FYI Christian, your "typical scenario for HTTP" doesn't make sense to me... you can't send HTTP Connection Upgrade in the middle of a regular request/response cycle. I feel like the typical scenario ought to be more like:
* client
* send ``HTTP GET /path``
* server
* recv
* verify_client_post_handshake (maybe... via calling SSL_do_handshake again?)
* client
* recv
* send upgrade confirmation (emits Certificate, CertificateVerify, Finish message)
* server
* recv
* verify certificate
* send either the requested response, or a 401 Unauthorized depending
But I don't really understand the underlying design here, either at the TLS 1.3 level or the openssl level, and haven't found very useful docs yet, so I could be wrong. |
|
Date |
User |
Action |
Args |
2018-10-18 04:23:04 | njs | set | recipients:
+ njs, christian.heimes, benjamin.peterson, ned.deily, xnox, miss-islington |
2018-10-18 04:23:03 | njs | set | messageid: <1539836583.94.0.788709270274.issue34670@psf.upfronthosting.co.za> |
2018-10-18 04:23:03 | njs | link | issue34670 messages |
2018-10-18 04:23:03 | njs | create | |
|