Tracking mbedtls_ssl_states

Hi,

Developing a VPN client. The server (from a cluster chosen by a DNS random IP response) may or may not request the certificate from the client. This depends on the state MBEDTLS_SSL_CERTIFICATE_REQUEST. I need to enable certain policies iff the server requests a certificate from my client application.

I could tweak ssl_cli.c to set a global_flag; however, it is not a clean way. I also tried mbedtls_ssl_get_verify_result, with no solution. Any suggestions?

Thanks

Hi @gopi219
I apologize, but I don’t understand your use case.
What kind of policies do you need to enable? What’s your use case and flow?
Regards,
Mbed TLS team member
Ron

Hi,
Thanks for the reply. But even I am not aware of the complete specs. However, as the client developer I need to detect whether:

(1) the client is communicating with the server for the first time
(2) the server is requesting the client's certificate or not
    -> Currently possible with a tweak using a GLOBAL_FLAG
    -> Expecting what mbedtls could offer without any tweak.
If either case is true, I need to call some external program. I guess, some kind of white-listing.

Hi,

(1) client is communicating with the server for the first time

You could consider using session resumption and MBEDTLS_SSL_TICKET_C, as demonstrated in the client example. The client could try to resume a previous connection with the server (you will need to use the correct ticket according to the server you are trying to connect to, in your client application).

(2) server is requesting client’s certificate or not

Unfortunately, Mbed TLS doesn’t supply means to know if a specific message arrived.
May I know your use case?
Regards,
Ron