yesodweb / wai

Haskell Web Application Interface
MIT License

Post-request TLS renegotiation for client certs #430

Open DaveCTurner opened 9 years ago

DaveCTurner commented 9 years ago

Hi,

I'm in the process of debugging a non-Haskell HTTPS issue and have come across a protocol flow that I was previously unaware of. When using client certificates to authenticate to IIS, the initial connection is set up without client certificates (the server sends no CertificateRequest message) and then once the request is received the connection is renegotiated. This means that it can decide whether or not to request a client cert (and even decide which certs to request) on a per-request basis rather than just when the connection is opened.

This is definitely not possible with the current wai API. As far as I can tell it's also not supported in Nginx or Apache either: in both cases, the client cert verification config applies to the whole server/vhost and the cert exchange occurs when the connection is being established. So this is a fairly speculative nice-to-have, but I thought it was worth raising anyway.

Cheers,

David

kazu-yamamoto commented 9 years ago

Yeah, this is a weak point of WAI.

When a client sends a request to a protected resource, the following should be carried out:

I should learn that the tls library allows this. If not, I should enhance it.

@DaveCTurner On the WAI side, what kind of API do you think is necessary?

DaveCTurner commented 9 years ago

Now that is a good question!

My first thought is to add a field to Request of (moral) type ExtraAuthRequest -> IO ExtraAuthResponse.

I imagine, although have not checked, that TLS allows you to do this renegotiation (a) multiple times and (b) even after the response has been partially sent. If so, a function of that type is all that's needed.
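An added sketch (not code from the wai project or from either commenter) of how the proposed per-request hook could look from the application side: `ExtraAuthRequest`, `ExtraAuthResponse` and the `RenegotiateHook` a TLS-aware runner would supply are hypothetical, while the wai, http-types and x509 imports are real; the application only demands a client certificate for paths under /admin and does so before writing any response bytes.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Hypothetical per-request client-certificate hook for a WAI application.
-- ExtraAuthRequest, ExtraAuthResponse and RenegotiateHook are assumptions
-- made for this sketch; no released wai/warp-tls version provides them.
module PerRequestClientCert
  ( ExtraAuthRequest (..), ExtraAuthResponse (..), RenegotiateHook, protectedApp ) where

import Data.X509 (CertificateChain (..), DistinguishedName)
import Network.HTTP.Types (hContentType, status200, status403)
import Network.Wai (Application, pathInfo, responseLBS)

-- | What the application asks the TLS layer to do: renegotiate and send a
-- CertificateRequest naming the issuers the application is willing to accept.
newtype ExtraAuthRequest = ExtraAuthRequest
  { acceptedIssuers :: [DistinguishedName] }

-- | Outcome of the renegotiation: the chain the client presented, if any.
data ExtraAuthResponse
  = NoClientCert
  | ClientCert CertificateChain

-- | The "ExtraAuthRequest -> IO ExtraAuthResponse" field proposed above,
-- modelled here as a function handed to the application by the runner.
type RenegotiateHook = ExtraAuthRequest -> IO ExtraAuthResponse

-- | Paths under /admin trigger a renegotiation that requests a client cert;
-- everything else is served on the existing server-auth-only connection.
protectedApp
  :: [DistinguishedName]          -- issuers to name in the CertificateRequest
  -> (CertificateChain -> Bool)   -- application-level authorisation check
  -> RenegotiateHook
  -> Application
protectedApp issuers isAuthorised renegotiate req respond =
  case pathInfo req of
    ("admin" : _) -> do
      -- Runs before any response bytes are written: this sketch does not
      -- depend on the library supporting renegotiation mid-response.
      outcome <- renegotiate (ExtraAuthRequest issuers)
      case outcome of
        ClientCert chain | isAuthorised chain -> respond (plain status200 "admin area")
        _ -> respond (plain status403 "client certificate required")
    _ -> respond (plain status200 "public area")
  where
    plain status body = responseLBS status [(hContentType, "text/plain")] body
```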