I'm trying to have masquerade handle (and require) mutual TLS authentication.
I've added the following when setting up the server configuration:
--- a/src/server.rs
+++ b/src/server.rs
@@ -104,18 +104,22 @@ impl Server {
// Create the configuration for the QUIC connections.
let mut config = quiche::Config::new(quiche::PROTOCOL_VERSION).unwrap();
+
+ config.verify_peer(true);
+ config.load_verify_locations_from_file("root_ca.pem").unwrap();
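Review bot: the `.unwrap()` on `config.load_verify_locations_from_file("root_ca.pem")` panics the whole server at startup whenever the CA bundle is not in the process's working directory; take the path from the server's configuration and propagate the error (`?` or a mapped `Result`) so a missing or unreadable CA file is reported as such rather than as a crash. Also note that, as posted, `config.verify_peer(true)` only turns on peer verification; the issue text itself says a separate quiche patch (`SSL_VERIFY_FAIL_IF_NO_PEER_CERT`) was needed before a client that presents no certificate is rejected, so with this hunk alone a certificate-less client still completes the handshake.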
To see if I could get this working quickly, I also patched quiche to require mutual TLS, by forcing it to set mode SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT when calling SSL_CTX_set_verify.
(It would be nice if this were easier to do via quiche::Config, but that's a different issue.)
When I start up the server and attempt a connection, I see:
It feels like I may be missing something in how I'm doing this, but I'm not sure what.
Right now I don't have client logs but I'll try to get some and add them to this.
I wonder if you have any insights about what might be happening here?