user3337733

Reputation: 29

HTTPS connection with no client certificate using mbedTLS

I need (because I was told to) to connect to an endpoint that ends up at gooogleapis.com without having a client certificate. RFC5246 says this is possible:

If no suitable certificate is available, the client MUST send a certificate message containing no certificates. That is, the certificate_list structure has a length of zero.

But I have no idea how this can be done. I'm using mbedTLS 2.13.1 in an embedded system. The single example code I have uses a client certificate, and mbedTLS has no documentation about how to do otherwise.

Upvotes: 0

Views: 1215

Answers (1)

user3337733

Reputation: 29

I heard back from TrustedFirmware, who now owns mbedTLS:

If you don't want to provision a client certificate in your TLS client, all you have to do is to not call mbedtls_ssl_conf_own_cert() in your client code. Then the library will send an empty certificate list as required by the standard.

Actually in the example code you have, if you look at the second and third argument in the call to mbedtls_ssl_conf_own_cert(), you should be able to remove all references to those arguments, and end up with a functional example without client certificates.

This seems to work.

Upvotes: 2
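The configuration sequence the answer describes, as an added example that is not the asker's code or mbedTLS's own: a minimal mbedTLS 2.x client setup that never calls mbedtls_ssl_conf_own_cert(), so an empty certificate_list is sent if the server requests one, while verification of the server certificate remains mandatory. It assumes the mbedTLS headers are available and that the caller supplies a NUL-terminated PEM CA bundle (ca_pem) and a reachable host and port.

```c
/* Added example (not the asker's code): mbedTLS 2.x client with NO client
 * certificate. Server verification stays mandatory. Assumes ca_pem holds a
 * NUL-terminated PEM CA bundle supplied by the caller. */
#include <string.h>
#include "mbedtls/net_sockets.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/x509_crt.h"

/* Connect to host:port over TLS without presenting a client certificate.
 * Returns 0 on success, a non-zero mbedTLS error/verify code otherwise. */
int tls_connect_no_client_cert(mbedtls_ssl_context *ssl, mbedtls_ssl_config *conf,
                               mbedtls_net_context *fd, mbedtls_x509_crt *ca,
                               mbedtls_ctr_drbg_context *drbg, mbedtls_entropy_context *ent,
                               const char *host, const char *port,
                               const unsigned char *ca_pem, size_t ca_pem_len)
{
    int ret;
    const char *pers = "no-client-cert";
    mbedtls_net_init(fd); mbedtls_ssl_init(ssl); mbedtls_ssl_config_init(conf);
    mbedtls_x509_crt_init(ca); mbedtls_ctr_drbg_init(drbg); mbedtls_entropy_init(ent);

    if ((ret = mbedtls_ctr_drbg_seed(drbg, mbedtls_entropy_func, ent,
                                     (const unsigned char *)pers, strlen(pers))) != 0) return ret;
    /* For PEM input, ca_pem_len must include the terminating NUL byte. */
    if ((ret = mbedtls_x509_crt_parse(ca, ca_pem, ca_pem_len)) < 0) return ret;
    if ((ret = mbedtls_net_connect(fd, host, port, MBEDTLS_NET_PROTO_TCP)) != 0) return ret;
    if ((ret = mbedtls_ssl_config_defaults(conf, MBEDTLS_SSL_IS_CLIENT,
                                           MBEDTLS_SSL_TRANSPORT_STREAM,
                                           MBEDTLS_SSL_PRESET_DEFAULT)) != 0) return ret;
    /* Still verify the server: omitting our own cert must not weaken this. */
    mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
    mbedtls_ssl_conf_ca_chain(conf, ca, NULL);
    mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, drbg);
    /* Deliberately NO mbedtls_ssl_conf_own_cert(): the library then answers a
     * CertificateRequest with an empty certificate_list (RFC 5246, 7.4.6). */
    if ((ret = mbedtls_ssl_setup(ssl, conf)) != 0) return ret;
    /* The hostname enables SNI and the name check against the server cert. */
    if ((ret = mbedtls_ssl_set_hostname(ssl, host)) != 0) return ret;
    mbedtls_ssl_set_bio(ssl, fd, mbedtls_net_send, mbedtls_net_recv, NULL);
    while ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
        if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) return ret;
    }
    /* With VERIFY_REQUIRED a bad server cert already failed the handshake,
     * so the verify flags are 0 here; returned for callers that log them. */
    return (int)mbedtls_ssl_get_verify_result(ssl);
}
```

If the server nevertheless rejects the empty certificate list, the handshake returns a fatal alert rather than completing, which is the expected outcome when the endpoint actually requires client authentication.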
