apple / swift-nio-ssl

TLS Support for SwiftNIO, based on BoringSSL.
https://swiftpackageindex.com/apple/swift-nio-ssl/main/documentation/niossl
Apache License 2.0
388 stars, 139 forks

Do not fail if client certificate is not provided #412

Open borisreitman opened 1 year ago

borisreitman commented 1 year ago

I should be able to request a client certificate, but still allow the connection if the certificate is not provided. In Node.js I can get the desired behaviour by specifying these options to the HTTPS server:

requestCert: true,
rejectUnauthorized: false,

Lukasa commented 1 year ago

What are you trying to achieve in this usage configuration?

borisreitman commented 1 year ago

From an article referenced below, here is a quote:

"Then we tell it to accept requests with no valid certificate. We need this to handle invalid connections as well (for example to display an error message), otherwise, they would just get a cryptic HTTPS error message from the browser (ERR_BAD_SSL_CLIENT_AUTH_CERT to be precise)"

Reference: https://medium.com/@sevcsik/authentication-using-https-client-certificates-3c9d270e8326
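
What the two Node.js options quoted in this thread imply for application code, as an added example that is not part of the thread, the referenced article, or swift-nio-ssl: with `rejectUnauthorized: false` the handshake completes whether the client sends no certificate, an untrusted one, or a valid one, so the request handler becomes the only access check. The function names, the 401/403 mapping and the fake socket objects are assumptions made for illustration.

```javascript
// Added example, not code from the issue thread or from swift-nio-ssl.
const https = require("node:https");

// Classify the client from the TLS socket state. With rejectUnauthorized:false
// the handshake succeeds in all three cases, so this check is the only gate.
function classifyClient(socket) {
  const cert = socket.getPeerCertificate();
  // Node returns an empty object when the peer sent no certificate.
  if (!cert || Object.keys(cert).length === 0) {
    return { status: 401, reason: "no client certificate presented" };
  }
  if (!socket.authorized) {
    // A certificate was sent but failed verification against the configured CA.
    return { status: 403, reason: `certificate rejected: ${socket.authorizationError}` };
  }
  return { status: 200, subject: cert.subject?.CN };
}

// Request handler: serves a readable error instead of a failed handshake.
function handleRequest(req, res) {
  const verdict = classifyClient(req.socket);
  res.writeHead(verdict.status, { "Content-Type": "text/plain" });
  res.end(verdict.status === 200
    ? `Hello, ${verdict.subject}\n`
    : `Access denied: ${verdict.reason}\n`);
  return verdict;
}

// key, cert and ca are PEM strings supplied by the caller (assumed inputs).
function createServer({ key, cert, ca }) {
  return https.createServer(
    { key, cert, ca, requestCert: true, rejectUnauthorized: false },
    handleRequest
  );
}

// Constructed stand-ins for tls.TLSSocket and http.ServerResponse, so the
// three handshake outcomes can be exercised without real key material.
function fakeSocket(peerCert, authorized, authorizationError) {
  return { authorized, authorizationError, getPeerCertificate: () => peerCert };
}
function fakeResponse() {
  return { writeHead(status) { this.status = status; }, end(body) { this.body = body; } };
}
```

Any route that skips `classifyClient` is reachable without a client certificate under this configuration, which is the trade-off against rejecting at the handshake.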

borisreitman commented 1 year ago

@Lukasa I have implemented it, please review my pull request: https://github.com/apple/swift-nio-ssl/pull/413