The TLS authenticator which is a part of ctx, which is passed to conduit_lwt_unix.serve, seems to not get passed on to the underlying library. This only applies to server mode and I am only looking at conduit_lwt_unix for now.
You can see this in the functions conduit_lwt_unix.serve_with_tls_native and conduit_lwt_unix.serve_with_open_ssl. The tls_authenticator field of the context is no longer accessed.
Is this expected or am I seeing this wrong?
I've manually patched conduit_lwt_unix to pass ~authenticator to Conduit_lwt_tls.Server.init, and I'm passing a simple dir-based authenticator which reads my /etc/ssl/certs, and only then do the values in epoch_data related to client auth get filled in. Otherwise entire chunks of code in tls related to client authentication are skipped, as client_auth will be detected as false.
And is it so that in the openssl case (serve_with_open_ssl) we must still drop it? Because the underlying library doesn't know what to do with an X509.Authenticator.t. If this is so it is rather confusing; it would mean that the way one populates the ctx in the initial conduit call depends on the underlying library used.