0

I need (because I was told to) to connect to an endpoint that ends up at googleapis.com without having a client certificate. RFC 5246 says this is possible:

If no suitable certificate is available, the client MUST send a certificate message containing no certificates. That is, the certificate_list structure has a length of zero.

But I have no idea how this can be done. I'm using mbedTLS 2.13.1 in an embedded system. The single example code I have uses a client certificate, and mbedTLS has no documentation about how to do otherwise.

4

1 Answer

0

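I got a reply from TrustedFirmware, who now owns mbedTLS:

If you do not want to provide a client certificate in your TLS client, all you have to do is not call mbedtls_ssl_conf_own_cert() in your client code. The library will then send an empty certificate list, as required by the standard.

In fact, in the example code that you have, if you look at the second and third arguments in the call to mbedtls_ssl_conf_own_cert(), you should be able to remove all references to those arguments and end up with a functional example without a client certificate.

This seems to work.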

Answered 2020-06-23T13:59:52.560
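What the empty Certificate message from the RFC 5246 passage looks like on the wire, as an added example (not code from the original post or from Mbed TLS): a C check that parses one TLS 1.2 Certificate handshake message and counts the entries in certificate_list. The function name and the sample bytes are constructed for this example, and the input is assumed to be a single reassembled handshake message without the record header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HS_TYPE_CERTIFICATE 11   /* HandshakeType certificate(11), RFC 5246 */
#define CERT_MSG_MALFORMED  (-1) /* return code chosen for this example */

/* Read a 24-bit big-endian length field. */
static uint32_t rd24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Returns the number of certificates in the message: 0 means the empty
 * certificate_list a client sends when it has no certificate.
 * Returns CERT_MSG_MALFORMED if the framing is inconsistent. */
int count_certificates(const uint8_t *msg, size_t len) {
    if (len < 7 || msg[0] != HS_TYPE_CERTIFICATE) return CERT_MSG_MALFORMED;
    uint32_t body_len = rd24(msg + 1);        /* handshake body length */
    if (body_len != len - 4) return CERT_MSG_MALFORMED;
    uint32_t list_len = rd24(msg + 4);        /* certificate_list length */
    if (list_len != body_len - 3) return CERT_MSG_MALFORMED;
    const uint8_t *p = msg + 7;
    size_t left = list_len;
    int count = 0;
    while (left > 0) {                        /* each entry: 3-byte length + DER */
        if (left < 3) return CERT_MSG_MALFORMED;
        uint32_t cert_len = rd24(p);
        if (cert_len == 0 || cert_len > left - 3) return CERT_MSG_MALFORMED;
        p += 3 + cert_len;
        left -= 3 + cert_len;
        count++;
    }
    return count;
}

/* Constructed samples. The 4 "certificate" bytes are filler, not real DER;
 * only the length framing is checked here. */
static const uint8_t EMPTY_MSG[]   = {0x0b, 0,0,0x03, 0,0,0x00};
static const uint8_t ONE_CERT_MSG[] = {0x0b, 0,0,0x0a, 0,0,0x07,
                                       0,0,0x04, 0xde,0xad,0xbe,0xef};
static const uint8_t TRUNCATED_MSG[] = {0x0b, 0,0,0x03, 0,0};

int main(void) {
    printf("empty:     %d\n", count_certificates(EMPTY_MSG, sizeof EMPTY_MSG));
    printf("one cert:  %d\n", count_certificates(ONE_CERT_MSG, sizeof ONE_CERT_MSG));
    printf("truncated: %d\n", count_certificates(TRUNCATED_MSG, sizeof TRUNCATED_MSG));
    return 0;
}
```

A result of 0 on the client's Certificate message, taken from a handshake debug dump, confirms the library sent the empty list after the mbedtls_ssl_conf_own_cert() call was dropped.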