RFC7250 - RawPublicKey - No Suitable Certificate?

I'm currently on testing the interoperability of the [OpenSSL - RPK PR](https://github.com/openssl/openssl/pull/18185).

If the client has "no suitable certificate", the current implementation in "main" branch aborts the handshake.

[dtls.c: check_server_hellodone](https://github.com/eclipse/tinydtls/blob/main/dtls.c#L3356)

An alternative approach would be, to implement [RFC 5246 - 7.4.6 - Client Certificate](https://www.rfc-editor.org/rfc/rfc5246#section-7.4.6) :

> If no suitable certificate is available,  the client MUST send a certificate message containing no certificates.  That is, the certificate_list structure has a length of zero.

That enables an server to decide to continue or abort.

Any opinions?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RFC7250 - RawPublicKey - No Suitable Certificate? #186

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

RFC7250 - RawPublicKey - No Suitable Certificate? #186

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions