c++ - GNU libmicrohttpd with client TLS allows empty certificate
问题描述
I am using GNU libmicrohttpd to establish HTTPS server. My requirement is that the server and the client both authenticate during the TLS handshake however what I observe is that even if the client sends empty certificate the connection is accepted.
in wireshark I see that the server requests certificate and the client sends certificate with len 0. How to make the microhttpd to not accept that case - the certificate must always be verified with the provided CA pem?
if(!(server_handle = MHD_start_daemon(flags, port, NULL, NULL,
&mhttpd_layer::access_handler_callback, callback_data,
// now, continue with the options
MHD_OPTION_NOTIFY_COMPLETED, &mhttpd_layer::request_completed_callback, l_callback_data,
MHD_OPTION_SOCK_ADDR, (sockaddr*) &(it->addr),
MHD_OPTION_CONNECTION_TIMEOUT, it->conn_timeout,
MHD_OPTION_CONNECTION_LIMIT, it->conn_limit,
MHD_OPTION_PER_IP_CONNECTION_LIMIT, it->per_ip_conn_limit,
// HTTPS certificate options
MHD_OPTION_HTTPS_MEM_KEY, it->https_key_buff.data(),
MHD_OPTION_HTTPS_MEM_CERT, it->https_cert_buff.data(),
MHD_OPTION_HTTPS_MEM_TRUST, it->https_turst_ca_buff.data(),
MHD_OPTION_END)))
Maybe I should manually on the access callback retrieve the certificate as described by their tutorial (https://www.gnu.org/software/libmicrohttpd/tutorial.html#Adding-a-layer-of-security) ? In this case why do I provide the CA - this doesn't seem the proper way to me?
解决方案
推荐阅读
- wordpress - 在欧盟开发健康相关软件之前,我需要了解什么?
- templates - 如何在 vim-latex 套件模板中包含自定义包?
- c++ - #define 如何知道何时停止查找?
- excel - 如何在 Excel 股票中获得 WTI 原油价格?
- javascript - 使用预定义的字符串 keyholder 从字符串中提取值
- sql - 在 If 语句中使用 Like "*" 运算符
- reactjs - 如何在 css-modules 中实现 react-dates css?
- javascript - 如何用正则表达式计算或替换javascript中{}或[]之间的所有匹配词?
- javascript - 当前月份的第一天和最后一天是错误的
- docker - 如何获取主机名并重命名 docker 容器?