Secure client does not send it's certificate

Question

Secure client does not send it's certificate

vvoznesensky opened this issue 3 years ago · comments

Vladimir Voznesenskiy commented 3 years ago

Server can be started by the following command:
$ openssl s_server -cert localhost.pem -port 8445 -debug -Verify 3 -security_debug -security_debug_verbose -CAfile ../ca/demoCA/cacert.pem

Client code that cause an error:

#! /usr/bin/tarantool

local log = require('log')
local websocket = require('websocket')
local ssl = require('websocket.ssl')

local ctx = ssl.ctx()
if not ssl.ctx_use_private_key_file(ctx, './certificate.pem') then
    log.info('Error private key')
    return
end

if not ssl.ctx_use_certificate_file(ctx, './certificate.pem') then
    log.info('Error certificate')
    return
end

local function connect(url, ctx)
    local ws, err = websocket.connect(url, nil, {timeout = 3, ctx = ctx})
    if not ws then error(err) end
    return ws
end
local ws = connect('wss://localhost:8445', ctx)

if not ws then
    log.info(err)
    return
end

ws:write('HELLO')
local response = ws:read()
log.info(response)
assert(response.data == 'HELLO')

Server error output:

ERROR
140584994805120:error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate:../ssl/statem/statem_srvr.c:3697:
shutting down SSL
CONNECTION CLOSED

Vladimir Voznesenskiy · Answer 1 · Sat Aug 21 2021 23:37:15 GMT+0800 (China Standard Time)

Made as mistake in calling websocket.connect, so closing.