GNOME Bugzilla – Bug 689260
Fix problems with TLS client auth failure
Last modified: 2012-11-29 22:05:11 UTC
Some corner-case problems manifest themselves when the client certificate auth fails. See attached patches for descriptions of the issues.
Created attachment 230162
gnutls: Appropriate error when server requires cert but none
When the server requires a certificate for auth, but none is provided, return the appropriate G_TLS_ERROR_CERTIFICATE_REQUIRED error.
Created attachment 230163
gnutls: Allow closing a connection cleanly if handshake fails
Only set the internal ever_handshaked flag if the handshake was successful. Otherwise using g_io_stream_close() after a handshake failure results in an internal gnutls error.
Created attachment 230164
tls: Add a test for client certificate auth failure
Add a test where the server requires a certificate from the client but the server doesn't provide any.
Comment on attachment 230162
gnutls: Appropriate error when server requires cert but none
ok, though a test would be nice too
Comment on attachment 230164
tls: Add a test for client certificate auth failure
oh, hey, how bout that
Attachment 230162 pushed as 81a9ae3 - gnutls: Appropriate error when server requires cert but none
Attachment 230163 pushed as 0084d6b - gnutls: Allow closing a connection cleanly if handshake fails
Attachment 230164 pushed as 8576a5f - tls: Add a test for client certificate auth failure