[Bug 1630391] New: expose SSL_CTX_set_post_handshake_auth
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1630391
Bug ID: 1630391
Summary: expose SSL_CTX_set_post_handshake_auth
Product: Fedora
Version: 29
Component: perl-Net-SSLeay
Assignee: paul(a)city-fan.org
Reporter: jorton(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jose.p.oliveira.oss(a)gmail.com, kasal(a)ucw.cz,
paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org
Created attachment 1484388
--> https://bugzilla.redhat.com/attachment.cgi?id=1484388&action=edit
PoC patch
Description of problem:
Post-Handshake-Auth is disabled by default in OpenSSL 1.1.1. Can you expose
SSL_CTX_set_post_handshake_auth so this can be re-enabled client side?
Version-Release number of selected component (if applicable):
perl-Net-SSLeay-1.85-7
How reproducible:
always
Steps to Reproduce:
1. use server requiring PHA
Actual results:
fail
Expected results:
success
Additional info:
httpd upstream test suite uses this, can give detailed repro case if required
patch attached though is I assume not upstream-worthy without #ifdef version
checks
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 7 months
[Bug 1632660] New: TLSv1.3 - enable post-handshake auth
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1632660
Bug ID: 1632660
Summary: TLSv1.3 - enable post-handshake auth
Product: Fedora
Version: 29
Component: perl-IO-Socket-SSL
Assignee: paul(a)city-fan.org
Reporter: jorton(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alexl(a)redhat.com, caillon+fedoraproject(a)gmail.com,
jose.p.oliveira.oss(a)gmail.com, mbarnes(a)fastmail.com,
paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org,
rhughes(a)redhat.com, rstrode(a)redhat.com,
sandmann(a)redhat.com
Created attachment 1486709
--> https://bugzilla.redhat.com/attachment.cgi?id=1486709&action=edit
PoC patch
Description of problem:
Post-handshake auth is disabled by default with TLSv1.3. IMO this is an error
but upstream don't seem inclined to reverse it atm, see
https://github.com/openssl/openssl/issues/6933
Version-Release number of selected component (if applicable):
perl-IO-Socket-SSL-2.059-2.fc29
How reproducible:
always
Steps to Reproduce:
1. try using TLSv1.3 post-handshake auth
Actual results:
fail
Expected results:
success
Additional info:
Can provide more detailed repro case if required.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 7 months