Acceptable client certificate CA names not added

Question

Acceptable client certificate CA names not added

Opened this issue 5 years ago · 2 comments

The latest commit aac78ce is designed to add "Acceptable client certificate CA names" to the output, if they exist.
In my case, the output of s_client contains "Acceptable client certificate CA names", but they don't appear in the JSON output of openssl-parse.

Looking at the s_client.py code, I think the problem is that my s_client output has no line containing "Client Certificate Types".
handshake.txt

I used:

$ openssl s_client -state -prexit -showcerts -connect 52.178.194.199:8883 2>/dev/null > handshake.txt

OpenSSL 1.1.1 11 Sep 2018
Ubuntu 18.04.3 LTS

Answer 1 · 2019-10-21T19:45:45.000Z

Fixed, testing against two different output formats. I was using openssl 1.1 from homebrew on macOS to generate the output. The client cert block can now be delimited by 'Client Certificate Types' or 'Requested Signature Algorithm'

Answer 2 · 2019-10-22T08:41:45.000Z

Works for me, thanks.

Minor suggestion:
Group "Acceptable client certificate CA names", "Requested Signature Algorithms", & "Shared Requested Signature Algorithms" under a field called "Client Certificate Request", or similar.
Just to distinguish them from "Peer signing digest", "Peer signature type", & "Server Temp Key".