Send complete certificate chain #3

Open
sdroege opened this issue Sep 18, 2017 · 1 comment

Comments

@sdroege

sdroege commented Sep 18, 2017

This currently is the remaining unit test failure.

It mostly concerns server connections, but probably is also a problem for client-side authentication via certificates. The problem here is that I don't know how to tell SChannel to send the complete chain; there seems to be no API available for that, and it does not do that by itself, even if the whole chain is together with the certificate in the key store.

@danwinship

> but probably is also a problem for client-side authentication via certificates

Probably not actually; clients want to be able to process any server cert, and sometimes they'll need the full chain to be able to do that. But servers are only interested in processing client certs from clients that they know about, and if they get a cert that isn't signed by the expected CA, they'll just reject it immediately.
