WIP: Enable access to the curves and certificate type

open-quantum-safe / openssl

UNSUPPORTED Fork of OpenSSL 1.1.1 that includes prototype quantum-resistant algorithms and ciphersuites based on liboqs PLEASE SWITCH TO OQS-Provider for OpenSSL 3

https://openquantumsafe.org/

Other

286 stars 124 forks source link

WIP: Enable access to the curves and certificate type #426

Closed akihikokuroda closed 1 year ago

akihikokuroda commented 1 year ago

This PR changes enable access to the curves and certificate type used in TLSv1.3 handshakes.

This equivalent to access to the ciphers used in the TLS session. The benefit is that monitoring/logging can not only report the protocol and ciphers, but also the curve and certificate type used for a TLSv1.3 connection on the client side. In particular, an user can verify that a quantum-safe-crypto curve and certificate was used.

Checklist

[x] documentation is added or updated
[ ] tests are added or updated

baentsch commented 1 year ago

Thanks for this contribution! Your comment above confuses me a bit, though: The PR code does not look TLSv1.1 specific. Also, the OQS-enablement only works for TLSv1.3. Lastly, do you intend to add some example/test code, too?

akihikokuroda commented 1 year ago

Oh, yes. That's my mistake. I meant V1.3. I looked for the tests of ssl3_ctrl function but I couldn't. Would you tell me where the other tests are. I want to add tests for these functions. Thanks!

akihikokuroda commented 1 year ago

I'll try put some tests in test/sslapitest.c. Is it the right place?

akihikokuroda commented 1 year ago

@baentsch Thanks for review. I'll update the man page or the code. I'm planing to work with the upstream OpenSSL in addition to OpenSSL V3 for both OQS and the upstream.

baentsch commented 1 year ago

@akihikokuroda Is this PR still something you'd like to move forward (and address the feedback) or shall we close this?

akihikokuroda commented 1 year ago

Hi! V3 work is moving forward, I close this. Thanks for your help!