Open gxtaillon opened 4 years ago
I just encountered the limitation this is supposed to fix.
I'm writing a decentralized peer-to-peer network, and I need mutual authentication in the communication between the nodes. Because it's decentralized, there's no CA, so each node does custom per-peer validation.
In short, I need both server and client to exchange certificates -- but the reason I'm writing this is because I also need danger_accept_invalid_certs()
in both ends. Are you intending to cover this case as well?
@cypheratheist This PR only adds the ability to request or require a client certificate. It would not allow setting a custom verification callback (https://github.com/sfackler/rust-native-tls/issues/161#issuecomment-619224191) to let you accept invalid certs.
On top of this PR, you'd also need to call set_verify_callback (openssl), verify_callback (schannel), or set_break_on_client_auth (secure_transport).
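The combination described above, i.e. requiring a peer certificate on both ends while replacing CA validation with custom per-peer checks, is shown here as an added example in Go's crypto/tls, which can run the whole exchange in-process; it is not code from this PR or from rust-native-tls. The self-signed node certificates, the fingerprint-pinning rule and the in-memory pipe are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"net"
	"time"
)

// newNodeCert builds a throwaway self-signed certificate for one node; no CA is involved.
func newNodeCert() tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// pinnedConfig: both roles skip chain/CA validation (the "accept invalid certs" part) but still
// demand a peer certificate and accept it only if its SHA-256 fingerprint is in allowed.
func pinnedConfig(own tls.Certificate, allowed map[[32]byte]bool) *tls.Config {
	return &tls.Config{
		Certificates:           []tls.Certificate{own},
		ClientAuth:             tls.RequireAnyClientCert, // server role: client cert required, not chain-verified
		InsecureSkipVerify:     true,                     // client role: no CA, so no chain verification either
		SessionTicketsDisabled: true,                     // no post-handshake data, so the in-memory pipe below cannot stall
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error { // raw[0] is the peer's leaf DER
			if len(raw) == 0 || !allowed[sha256.Sum256(raw[0])] {
				return errors.New("peer certificate fingerprint is not pinned")
			}
			return nil
		},
	}
}

// handshake runs one in-memory TLS handshake between two nodes and reports whether both sides
// accepted their peer; the deadlines turn a rejected handshake into errors on both ends.
func handshake(server, client *tls.Config) bool {
	a, b := net.Pipe()
	a.SetDeadline(time.Now().Add(2 * time.Second))
	b.SetDeadline(time.Now().Add(2 * time.Second))
	serverErr := make(chan error, 1)
	go func() { serverErr <- tls.Server(a, server).Handshake() }()
	clientErr := tls.Client(b, client).Handshake()
	return clientErr == nil && <-serverErr == nil
}
```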
Todo:
Provide a configuration mechanism for client certificate verification, i.e. two-way TLS.
I don't have Windows or Mac environments for OSS; feel free to cannibalize this PR if you can do the implementation on these systems.
Related to: #161