
WIP: RFC7250 certificate type negotiation

This merge request contains the implementation of the certificate type negotiation mechanisms that are defined in RFC7250. It enables the possibility to negotiate a certificate type for the client and the server independently. I call this asymmetric certificate types as opposed to a symmetric negotiation where both client and server negotiate the same type. The extensions in RFC7250 need to be enabled by specifying an option in the priority strings. This ensures backwards compatibility with older libraries. This implementation does not contain the full raw certificate type functionality as defined in RFC7250. It only contains the certificate type negotiation mechanisms. A patch containing the rest of the RFC7250 spec, specifically dealing with raw public keys, is currently being worked on.

Basic usage of this implementation: Explicitly enable the asymmetric certificate negotiation mechanism via the priority strings with option %ASYM_CERT_TYPES. Specify allowed certificate types for the client and server separately by using CTYPE-CLI-* and CTYPE-SRV-* patterns in the priority strings.
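The selection logic the description sketches, as an added example that is not code from this merge request or from GnuTLS: a small model of the two RFC 7250 extensions in C. It parses the two kinds of priority-string token described above (assuming GnuTLS's ':'-separated, '+'-prefixed syntax, and assuming X509 and RAWPK as the suffix names, which the description does not spell out), runs the server-side choice independently for the client_certificate_type and server_certificate_type directions, and applies the client-side check that the server answered only with a type the client offered. The selection policy (client's order wins) and the handling of a missing client type are this example's own choices, noted in the comments.

```c
#include <stdio.h>
#include <string.h>

/* CertificateType values from the TLS registry that RFC 7250 uses */
#define CT_X509   0
#define CT_RAWPK  2
#define CT_NONE  -1
#define MAX_TYPES 4

struct ctype_prefs {
    int asym;                  /* %ASYM_CERT_TYPES seen: send and honour the two extensions */
    int cli[MAX_TYPES], ncli;  /* CTYPE-CLI-* tokens, most preferred first */
    int srv[MAX_TYPES], nsrv;  /* CTYPE-SRV-* tokens, most preferred first */
};

static int in_list(const int *l, int n, int t)
{
    for (int i = 0; i < n; i++) if (l[i] == t) return 1;
    return 0;
}

/* Map a token suffix to a type; X509/RAWPK are assumed names, the MR only shows the pattern.
   Appends to the list (no duplicates) and returns 1 if the name was recognised. */
static int push(int *list, int *n, const char *name)
{
    int t = strcmp(name, "X509") == 0 ? CT_X509 : strcmp(name, "RAWPK") == 0 ? CT_RAWPK : CT_NONE;
    if (t == CT_NONE) return 0;
    if (!in_list(list, *n, t) && *n < MAX_TYPES) list[(*n)++] = t;
    return 1;
}

/* Pull the RFC 7250 tokens out of a ':'-separated GnuTLS-style priority string; every other
   token (NORMAL, +VERS-TLS1.2, ...) is ignored. Returns the count of CTYPE tokens recognised. */
int parse_ctype_prefs(const char *prio, struct ctype_prefs *p)
{
    const char *cur = prio;
    int found = 0;
    memset(p, 0, sizeof *p);
    while (*cur) {
        const char *end = strchr(cur, ':');
        size_t len = end ? (size_t)(end - cur) : strlen(cur);
        char tok[64];
        if (len >= sizeof tok) return -1;   /* over-long token: refuse rather than truncate */
        memcpy(tok, cur, len);
        tok[len] = '\0';
        if (strcmp(tok, "%ASYM_CERT_TYPES") == 0) p->asym = 1;
        else if (strncmp(tok, "+CTYPE-CLI-", 11) == 0) found += push(p->cli, &p->ncli, tok + 11);
        else if (strncmp(tok, "+CTYPE-SRV-", 11) == 0) found += push(p->srv, &p->nsrv, tok + 11);
        cur = end ? end + 1 : cur + len;
    }
    return found;
}

/* Server-side choice for one direction (RFC 7250 section 4.2): the first type in the client's
   offered list that the server also lists. Honouring the client's order is this example's policy. */
static int pick(const int *offered, int noff, const int *supported, int nsup)
{
    for (int i = 0; i < noff; i++) if (in_list(supported, nsup, offered[i])) return offered[i];
    return CT_NONE;
}

/* The whole exchange. Returns 0 on success, -1 where the server would abort with
   unsupported_certificate because no server_certificate_type is acceptable. A client without
   the option sends no extensions and a server without it answers none: X.509 both ways. */
int negotiate_cert_types(const struct ctype_prefs *client, const struct ctype_prefs *server,
                         int *cli_ct, int *srv_ct)
{
    if (!client->asym || !server->asym) {
        *cli_ct = *srv_ct = CT_X509;
        return 0;
    }
    *srv_ct = pick(client->srv, client->nsrv, server->srv, server->nsrv);
    if (*srv_ct == CT_NONE) return -1;
    /* No common client type: RFC 7250 lets the server abort or skip client auth; this example skips (CT_NONE). */
    *cli_ct = pick(client->cli, client->ncli, server->cli, server->ncli);
    return 0;
}

/* Client-side check of the answer: each selected value must be one the client offered for that
   direction, otherwise a server could force a type the client cannot handle. Returns 1 if acceptable. */
int client_accepts(const struct ctype_prefs *client, int cli_ct, int srv_ct)
{
    if (!client->asym) return cli_ct == CT_X509 && srv_ct == CT_X509;
    if (!in_list(client->srv, client->nsrv, srv_ct)) return 0;
    return cli_ct == CT_NONE || in_list(client->cli, client->ncli, cli_ct);
}

int main(void)
{
    struct ctype_prefs c, s;
    int ct, st;
    /* Constructed strings: the client can present RAWPK or X.509 but accepts only X.509 from
       the server; the server accepts only RAWPK from clients and can present either. */
    parse_ctype_prefs("NORMAL:%ASYM_CERT_TYPES:+CTYPE-CLI-RAWPK:+CTYPE-CLI-X509:+CTYPE-SRV-X509", &c);
    parse_ctype_prefs("NORMAL:%ASYM_CERT_TYPES:+CTYPE-CLI-RAWPK:+CTYPE-SRV-X509:+CTYPE-SRV-RAWPK", &s);
    if (negotiate_cert_types(&c, &s, &ct, &st) == 0 && client_accepts(&c, ct, st))
        printf("client certificate type %d, server certificate type %d\n", ct, st);
    return 0;
}
```

The constructed pair ends with the client presenting a raw public key while the server presents X.509, which is the asymmetric outcome the description is about. The two failure paths worth watching in a real implementation are also visible here: a server with no server type in common must fail the handshake rather than silently fall back, and a client must reject an answer naming a type it never offered.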

