Supporting TLS client certificate in PHP?

Omar Polo op at omarpolo.com
Mon Dec 21 08:21:55 GMT 2020


Côme Chilliet <come at chilliet.eu> writes:
> [snip]
> However, even if I was implementing this in C it is not clear to me how to request a client certificate without making it mandatory, is that what SSL_VERIFY_CLIENT_ONCE is for?
> Are there Gemini servers in C with client certificate support of which I could read the code out there?
>
> Côme

I've written my server[0] using LibreSSL (a fork of OpenSSL) and it
supports client certs.  The code is quite short (a bit more than 1k
lines) but the key points for your question are these two lines[1]:

	/* optionally accept client certs, but don't try to verify them */
	tls_config_verify_client_optional(conf);
	tls_config_insecure_noverifycert(conf);

You need to optionally enable the client certs and then tell the library
not to verify the certs.

I don't know how to help you in PHP, but I hope this can help a bit :)

[0]: https://github.com/omar-polo/gmid
[1]: https://github.com/omar-polo/gmid/blob/master/gmid.c#L1076-L1078
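
Since the two calls quoted above accept a client certificate without verifying it, the decision about what a presented certificate is worth falls to the application. The following is an added example, not part of the original message or of gmid: `struct peer_cert`, `authorise_client` and the pinned-fingerprint list are hypothetical names, and the struct fields stand for what libtls's `tls_peer_cert_provided()`, `tls_peer_cert_hash()`, `tls_peer_cert_notbefore()` and `tls_peer_cert_notafter()` return after the handshake.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Gemini status codes relevant to client certificates (20 = success). */
enum { CERT_OK = 20, CERT_REQUIRED = 60, CERT_NOT_AUTHORISED = 61, CERT_NOT_VALID = 62 };

/* What the server knows about the peer after the handshake.  With libtls
 * these values would come from tls_peer_cert_provided(), tls_peer_cert_hash(),
 * tls_peer_cert_notbefore() and tls_peer_cert_notafter() (assumed wiring). */
struct peer_cert {
	int provided;			/* non-zero if a cert was sent */
	const char *hash;		/* "SHA256:<64 hex digits>" */
	time_t not_before, not_after;	/* validity window */
};

/* Accept only the "SHA256:" + 64 lowercase hex digits form. */
static int
hash_well_formed(const char *h)
{
	if (h == NULL || strncmp(h, "SHA256:", 7) != 0 || strlen(h) != 7 + 64)
		return 0;
	return strspn(h + 7, "0123456789abcdef") == 64;
}

/* Decide access to a protected resource.  pinned[] is a hypothetical allow
 * list of fingerprints; the TLS layer itself has verified nothing. */
int
authorise_client(const struct peer_cert *pc, const char *const *pinned,
    size_t npinned, time_t now)
{
	size_t i;

	if (!pc->provided)		/* cert is optional: may be absent */
		return CERT_REQUIRED;
	if (!hash_well_formed(pc->hash))
		return CERT_NOT_VALID;
	if (now < pc->not_before || now > pc->not_after)
		return CERT_NOT_VALID;	/* the application's own validity check */
	for (i = 0; i < npinned; i++)
		if (strcmp(pc->hash, pinned[i]) == 0)
			return CERT_OK;
	return CERT_NOT_AUTHORISED;	/* valid-looking but unknown cert */
}
```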

