Closed akihikokuroda closed 1 year ago
Thanks for this contribution! Your comment above confuses me a bit, though: The PR code does not look TLSv1.1 specific. Also, the OQS-enablement only works for TLSv1.3. Lastly, do you intend to add some example/test code, too?
Oh, yes. That's my mistake. I meant V1.3. I looked for the tests of the ssl3_ctrl function but I couldn't find them. Would you tell me where the other tests are? I want to add tests for these functions. Thanks!
I'll try to put some tests in test/sslapitest.c. Is it the right place?
@baentsch Thanks for the review. I'll update the man page or the code. I'm planning to work with the upstream OpenSSL in addition to OpenSSL V3 for both OQS and the upstream.
@akihikokuroda Is this PR still something you'd like to move forward (and address the feedback) or shall we close this?
Hi! V3 work is moving forward, so I'll close this. Thanks for your help!
This PR enables access to the curves and certificate type used in TLSv1.3 handshakes.
This is equivalent to access to the ciphers used in the TLS session. The benefit is that monitoring/logging can not only report the protocol and ciphers, but also the curve and certificate type used for a TLSv1.3 connection on the client side. In particular, a user can verify that a quantum-safe-crypto curve and certificate was used.
Checklist