TLS: don't KEEP_PEER_CERTIFICATE #2893

Closed
nwf opened this issue Aug 21, 2019 · 2 comments

nwf commented Aug 21, 2019

mbedTLS is holding on to a copy of the peer certificate for us, just in case we want it later. But none of our APIs expose it to the Lua application. We should flip MBEDTLS_SSL_KEEP_PEER_CERTIFICATE off. This should have no functional consequence.

nwf self-assigned this Aug 21, 2019

nwf commented Aug 22, 2019

Sigh. This is a 2.17 knob and that isn't even a stable release yet.


nwf commented Aug 24, 2019

Doubly sigh: esconn_mbedtls manually sheds a great deal of TLS state. This is effectively already implemented.
