search

processone / fast_tls

TLS / SSL OpenSSL-based native driver for Erlang / Elixir
https://www.ejabberd.im
Other
83 stars 37 forks source link

Client certificate requirements #41

Closed NelsonVides closed 4 years ago

NelsonVides commented 4 years ago

We're making a wrong check here.

     if CertFile /= [] orelse Command == ?SET_CERTIFICATE_FILE_ACCEPT ->

meant that in order to proceed, if no certificate file was provided, then at least the command should be an accept one. Which is not correct. In TLS we require the server, the one who does accept, to provide a certificate, while the client is not usually required so. It should instead be required for the server. I also divided the original test in two versions, to check that both are passing, and added a check to make sure that the server can see this certificate when the client offers so.

p1bot commented 4 years ago

Hi @NelsonVides, many thanks for your contribution!

In order for us to evaluate and accept your PR, we ask that you sign a contribution license agreement. It's all electronic and will take just minutes.

p1bot commented 4 years ago

You did it @NelsonVides!

Thank you for signing the ProcessOne Contribution License Agreement.

We will have a look at your contribution!

prefiks commented 4 years ago

Hello,

Looks good, that was silly mistake, i will merge this.

Thank you for your contribution.