ooni / minivpn

A minimalistic OpenVPN implementation in Go
GNU General Public License v3.0

Explicitly capture authentication failures (e.g., expired client certificate) #39

Open ainghazal opened 1 year ago

ainghazal commented 1 year ago

Right now, the case for certificate-based authentication for clients does not properly capture an expired certificate. This is especially problematic because it confounds bad credentials with other kinds of handshake errors.

ainghazal commented 1 year ago

For certificate authentication, we don't need to actually initiate the handshake. We should do a pre-flight check and bail out with an explicit prerequisite error.

For password-based authentication, we will need to check the server error string.
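
A sketch of the certificate pre-flight check proposed above, as an added example that is not part of the thread or of minivpn's code. The function and error names (`checkClientCert`, `ErrCertExpired`, `ErrCertNotYetValid`, `ErrBadCert`, `makeCert`) are hypothetical, and the certificate it runs on is constructed in the block.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical sentinel errors (not minivpn's own) so callers can use errors.Is.
var (
	ErrBadCert         = errors.New("preflight: cannot parse client certificate")
	ErrCertExpired     = errors.New("preflight: client certificate expired")
	ErrCertNotYetValid = errors.New("preflight: client certificate not yet valid")
)

// checkClientCert checks the validity window of the first PEM block, offline.
func checkClientCert(pemData []byte, now time.Time) error {
	block, _ := pem.Decode(pemData) // skips any text preamble before the block
	if block == nil || block.Type != "CERTIFICATE" {
		return ErrBadCert
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	switch {
	case err != nil:
		return fmt.Errorf("%w: %v", ErrBadCert, err)
	case now.After(cert.NotAfter):
		return fmt.Errorf("%w (notAfter=%s)", ErrCertExpired, cert.NotAfter.Format(time.RFC3339))
	case now.Before(cert.NotBefore):
		return fmt.Errorf("%w (notBefore=%s)", ErrCertNotYetValid, cert.NotBefore.Format(time.RFC3339))
	}
	return nil
}

// makeCert builds a constructed self-signed certificate used as sample input.
func makeCert(notBefore, notAfter time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"}, NotBefore: notBefore, NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
func main() {
	now := time.Now() // the constructed certificate below expired 24h ago
	fmt.Println(checkClientCert(makeCert(now.Add(-48*time.Hour), now.Add(-24*time.Hour)), now))
}
```

Because the errors are wrapped with `%w`, a caller can branch on `errors.Is(err, ErrCertExpired)` before any handshake packet is sent, which keeps an expired credential distinct from a network-level handshake failure.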