enarx-archive / tlssock

A library exposing TLS/DTLS sockets using the POSIX networking APIs
Apache License 2.0

Implement Peer Name #37

Open mbestavros opened 5 years ago

mbestavros commented 5 years ago

Originally reported by @npmccallum.

The TLS_OPT_PEER_NAME option needs to be implemented, documented and tested. This option should be able to be set in conjunction with authentication methods to restrict the name of the authenticated peer (SRP: username, Cert: Subject).

The ideal situation would be to make this a simple string. However, one question is how to use TLS_OPT_PEER_NAME with getsockopt() after authentication. For SRP or PSK, this should be the authenticated username. I think for Certificates this should be the subject. This means users who want access to subjectAltName will have to parse the certificate. But I think this is the most straightforward behavior.
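The set-before-authenticate / read-back-after semantics proposed above, written out as an added C model (not tlssock's own code): the `tls_state` struct, the `peer_auth` enum and the three `peer_name_*` functions are assumptions standing in for the real setsockopt/getsockopt plumbing, and the negative-errno return convention is an assumption too.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model of TLS_OPT_PEER_NAME; not tlssock's implementation.
 * Identity sources follow the issue text: SRP/PSK -> username,
 * certificate -> subject (subjectAltName is not consulted here, so a caller
 * needing SAN matching must parse the peer certificate itself). */
enum peer_auth { AUTH_NONE, AUTH_SRP, AUTH_PSK, AUTH_CERT };

struct tls_state {
    char expected[256];       /* value set via TLS_OPT_PEER_NAME; "" = unrestricted */
    char authenticated[256];  /* identity proven by the handshake, if any */
    enum peer_auth auth;
};

/* setsockopt(TLS_OPT_PEER_NAME) model: a restriction, so it must be in place
 * before the peer authenticates; refuse to change it afterwards. */
int peer_name_set(struct tls_state *s, const char *name)
{
    if (s->auth != AUTH_NONE) return -EISCONN;
    if (strlen(name) >= sizeof s->expected) return -EINVAL;
    strcpy(s->expected, name);
    return 0;
}

/* Called by the handshake once the peer has proven `identity` via `how`.
 * Returns 0 and records the identity if it satisfies the restriction;
 * -EACCES (and no state change) means the handshake must be aborted. */
int peer_name_check(struct tls_state *s, enum peer_auth how, const char *identity)
{
    if (how == AUTH_NONE || identity == NULL) return -EINVAL;
    if (strlen(identity) >= sizeof s->authenticated) return -EINVAL;
    if (s->expected[0] != '\0' && strcmp(s->expected, identity) != 0)
        return -EACCES;  /* authenticated, but not as the required peer */
    strcpy(s->authenticated, identity);
    s->auth = how;
    return 0;
}

/* getsockopt(TLS_OPT_PEER_NAME) model: after authentication it yields the
 * authenticated identity (username or cert subject), not the value that was
 * set; before authentication there is nothing to report. */
int peer_name_get(const struct tls_state *s, char *out, size_t outlen)
{
    if (s->auth == AUTH_NONE) return -ENOTCONN;
    size_t n = strlen(s->authenticated);
    if (n >= outlen) return -ENOBUFS;
    memcpy(out, s->authenticated, n + 1);
    return 0;
}
```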

mbestavros commented 5 years ago

@puiterwijk originally commented:

For certificates, this has been part of the initial Public API in https://github.com/enarx/tlssock/pull/29