Skip to content

Q: ESP8266/axTLS: peer certificates in SSL, and certificate verification? #1937

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
capablegh opened this issue Apr 19, 2016 · 2 comments
Closed

Q: ESP8266/axTLS: peer certificates in SSL, and certificate verification? #1937

capablegh opened this issue Apr 19, 2016 · 2 comments

Comments

@capablegh
Copy link

Is there any means for an SSL client to provide it's certificate so that the server can validate the client's identity? I believe this capability is available within OpenSSL, not sure how heavy/large it is for the memory/flash available.

Also, just as an SSL connection is about to be established and the remote certificate is presented, can this certificate be validated against the local CA/chain?
@igrr
Copy link
Member

igrr commented Apr 19, 2016

There is an open issue to document client side certificate support: #1743
Regarding server certificate verification, there is limited support for this: currently you can verify certificate SHA-1 fingerprint and subject name (or SAN). See Examples > ESP8266WiFi > HTTPSRequest for example.
There is an open issue to add support for validation against local CA/chain: #1851.

@igrr igrr closed this as completed Apr 19, 2016
@capablegh
Copy link
Author

Thanks for the quick response, contributions, and the efforts!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@igrr @capablegh