srstites75
commented
1 year ago As another data point, I've verified the from_pkcs12 method works fine, and results in the client cert being presented once during the tls handshake.
Closed srstites75 closed 1 year ago
srstites75
commented
1 year ago As another data point, I've verified the from_pkcs12 method works fine, and results in the client cert being presented once during the tls handshake.
sfackler
commented
1 year ago Yeah, it looks like you're correct and we need to filter out the first cert from the stack.
After much analyzing, I've determined that when native_tls::Identity::from_pkcs8(...) is used on macos, when initializing the native_tls::Identity structure from the security framework key/certs, the client leaf cert is being included on the intermediate chain, and thus presented twice to the tls server. This causes most servers to reject the connection as it is confused that the client cert is presented twice before the rest of the intermediate certs, and often gets a "signature doesn't match" error. You can see in the from_pkcs12 method the leaf cert is being excluded from the chain, so seems like this needs to happen for the from_pkcs8 method as well?