Author christian.heimes
Recipients christian.heimes
Date 2019-06-27.10:33:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1561631609.42.0.922673247425.issue37428@roundup.psfhosted.org>
In-reply-to
Content
Enabling TLS 1.3 post handshake auth also enables cert chain validation. OpenSSL documents SSL_VERIFY_POST_HANDSHAKE as ignored for client side. However tls_process_server_certificate in the client state machine code does not ignore the flag and checks for a correct cert chain.

see https://github.com/openssl/openssl/issues/9259 and https://github.com/openssl/openssl/blob/743694a6c29e5a6387819523fad5e3b7e613f1ee/ssl/statem/statem_clnt.c#L1899-L1918
History
Date User Action Args
2019-06-27 10:33:29christian.heimessetrecipients: + christian.heimes
2019-06-27 10:33:29christian.heimessetmessageid: <1561631609.42.0.922673247425.issue37428@roundup.psfhosted.org>
2019-06-27 10:33:29christian.heimeslinkissue37428 messages
2019-06-27 10:33:29christian.heimescreate