NetX TLS 1.3 client certificate authentication
Hello
I am working to evaluate NetX for our product. My task is to set up a TLS server using NetX secure and test it using openssl.
My task is to implement client authentication using certificate chain.
Netx_secure is compiled with TLS1.3, AEAD, CLIENT_CERTIFICATE_VERIFY and SELF_SIGNED_CERTIFICATE
I set up the server using the exemple provided in https://learn.microsoft.com/en-us/azure/rtos/netx-duo/netx-secure-tls/chapter2#small-example-system-tls-web-server, adapting socket behavior to my needs.
And I set up the client certificate authentication with this steps (https://learn.microsoft.com/en-us/azure/rtos/netx-duo/netx-secure-tls/chapter3#client-certificate-authentication-for-tls-servers)
- nx_secure_x509_certificate_initialize
- nx_secure_tls_trusted_certificate_add
- To add the root certificate
- nx_secure_tls_session_client_verify_enable
- nx_secure_tls_session_x509_client_verify_configure
- nx_secure_tls_session_certificate_callback_set
--
For the test, I use openssl s_client :
(certBundle contain user's certificate chain and server CA chain)
- TLS 1.2 : openssl s_client -tls1_2 -cert user.pem -key user1.key -CAfile certBundle.pem -connect IP:PORT -state : works fine
- TLS 1.3 : openssl s_client -tls1_3 -cert user.pem -key user1.key -CAfile certBundle.pem -connect IP:PORT -state :
fails with error code 0x145 (NX_SECURE_TLS_CERTIFICATE_REQUIRED) and SSL alert 116 (certificate required)
- When I add the debug flag in openssl, I do not see the user's certificate chain being sent (visible in 1.2)
Am I missing a step ?