[racket] outgoing https requests with client certificate with plt 4.2.5
FYI...

I have not yet been able to get outgoing SSL client certificate
authentication to work with the 4.2.5 "openssl" module. It appears to
hang in SSL handshaking sometime after authenticating the server by a
CA. I *have*, however, been able to do the HTTPS request using Firefox,
"curl", and "openssl s_client" using the same test environment.

The PLT "collects/openssl/mzssl.ss" code appears thoughtful and of good
quality. I have not yet found any bugs by code inspection that should
cause this problem. However, I now suspect that this code has never
been used to do outgoing client certificate authentication (i.e., when
PLT is making the SSL connection as a client, providing a certificate to
authenticate the client end to the server), not even in a test case.
(The "handin" stuff does cert auth of the server, but not of the client.)

It's possible that the problem is in the data I am supplying (example I
found: OpenSSL C library specifies some restrictions that are not
documented for "ssl-load-certificate-chain!"), or that I have something
like an I/O buffering/termination bug in the small tweaks I've made to
hook SSL up to 4.2.5 "url.ss" and make the SSL context a Scheme
parameter. I've eliminated numerous other possible causes.

The test environment and the small tweaks are not something that can be
pasted into an email, unfortunately.

I will be debugging on this a little more right now. Because this is a
slow thing to debug, probably I will have to write a new little HTTPS
client library that serves my immediate need.

--
http://www.neilvandyke.org/