From 270badae7595332807d71b946446a70137369bf0 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@redhat.com>
Date: Sat, 26 Jan 2019 11:16:08 +0100
Subject: [PATCH] Enable Post-Handshake-Authentication (TLSv1.3 feature)
client-side iff available.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
lib/IO/Socket/SSL.pm | 6 ++++++
1 file changed, 6 insertions(+)
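diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm
index f35211b..0a0eef6 100644
--- a/lib/IO/Socket/SSL.pm
+++ b/lib/IO/Socket/SSL.pm
@@ -67,6 +67,7 @@ my $can_ecdh; # do we support ECDH key exchange
 my $can_ocsp; # do we support OCSP
 my $can_ocsp_staple; # do we support OCSP stapling
 my $can_tckt_keycb; # TLS ticket key callback
+my $can_pha; # do we support PHA
 BEGIN {
 $can_client_sni = Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x01000000;
 $can_server_sni = defined &Net::SSLeay::get_servername;
@@ -87,6 +88,7 @@ BEGIN {
 && defined &Net::SSLeay::set_tlsext_status_type;
 $can_tckt_keycb = defined &Net::SSLeay::CTX_set_tlsext_ticket_getkey_cb
 && $Net::SSLeay::VERSION >= 1.80;
+ $can_pha = defined &Net::SSLeay::CTX_set_post_handshake_auth;
 }
 
 my $algo2digest = do {
@@ -2018,6 +2020,7 @@ sub can_ecdh { return $can_ecdh }
 sub can_ipv6 { return CAN_IPV6 }
 sub can_ocsp { return $can_ocsp }
 sub can_ticket_keycb { return $can_tckt_keycb }
+sub can_pha { return $can_pha }
 
 sub DESTROY {
 my $self = shift or return;
@@ -2602,6 +2605,9 @@ sub new {
 "Failed to load key from file (no PEM or DER)");
 }
 
+ Net::SSLeay::CTX_set_post_handshake_auth($ctx,1)
+ if (!$is_server && $can_pha && $havecert && $havekey);
+
 # replace arg_hash with created context
 $ctx{$host} = $ctx;
 }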
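Review bot: The `Net::SSLeay::CTX_set_post_handshake_auth($ctx,1)` call added in the last hunk (inside `new`) is applied to every client context that has both a certificate and a key, with no explanatory comment and no caller-visible way to decline it. With the extension advertised, a TLSv1.3 server can request the client certificate at any point after the handshake rather than only during it. That is a change in when the client identity is disclosed, and callers should be able to see it from the code. I would add a comment above the call such as `# advertise post_handshake_auth so a TLSv1.3 server may ask for the client cert after the handshake; only done when a cert and key are configured`, and consider an argument that lets the application keep the old behaviour. The new public `can_pha` accessor in the third hunk also has no POD entry alongside `can_ocsp` and `can_ticket_keycb`. `$havecert`, `$havekey` and `$is_server` are set outside the hunk and the body of `new` continues beyond it, so how they are derived could not be checked here.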
--
2.17.2