RFC7250 - RawPublicKey - No Suitable Certificate?

I'm currently on testing the interoperability of the [OpenSSL - RPK PR](https://github.com/openssl/openssl/pull/18185).

If the client has "no suitable certificate", the current implementation in "main" branch aborts the handshake.

[dtls.c: check_server_hellodone](https://github.com/eclipse/tinydtls/blob/main/dtls.c#L3356)

An alternative approach would be, to implement [RFC 5246 - 7.4.6 - Client Certificate](https://www.rfc-editor.org/rfc/rfc5246#section-7.4.6) :

> If no suitable certificate is available,  the client MUST send a certificate message containing no certificates.  That is, the certificate_list structure has a length of zero.

That enables an server to decide to continue or abort.

Any opinions?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RFC7250 - RawPublicKey - No Suitable Certificate? #186

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

RFC7250 - RawPublicKey - No Suitable Certificate? #186

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions