Closed
Description
With OpenSSL 1.1.1pre8, post-handshake authentication is explicitly enabled by OpenSSL when certificate callbacks are set, according to the SSL_CTX_set_verify manpage. That's unexpected behavior for existing TLS 1.2 applications (in this particular case it breaks Python), which fail because:
- the server side assumes that the SSL_CTX contains information about client certs directly after the handshake and before any application data is exchanged;
- client applications only know how to handle client cert auth during the handshake, not while they are sending/receiving application data;
- client applications assume that OpenSSL asks for the client cert password during the handshake.
A backwards-compatible alternative (for TLS 1.2 apps) would be for applications to explicitly enable post-handshake authentication via a flag in the SSL_CTX. That way applications written for TLS 1.2 will work as intended under TLS 1.3, while applications that can take advantage of post-handshake authentication will still do so, after explicitly enabling it.
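The opt-in pattern the report asks for, shown from the side of the application that broke. This is an added example, not code from the issue, from OpenSSL or from CPython; it assumes Python 3.8 or later built against OpenSSL 1.1.1 or later, where `ssl.SSLContext.post_handshake_auth` exposes an explicit flag of the kind proposed above (that later API is not mentioned on this page). The function names `make_client_context`, `make_server_context`, `request_client_cert_after_handshake` and `describe` are this example's own. No server certificate is embedded, so the contexts are configured but no handshake is run.

```python
import ssl


def make_client_context(enable_pha=False):
    """Client context in the style of a TLS 1.2 application.

    verify_mode/check_hostname are what an application sets to verify the
    server; in OpenSSL terms this is the SSL_CTX_set_verify() call the report
    describes.  Post-handshake authentication is a separate, explicit opt-in
    here: it stays off unless the caller asks for it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Explicit flag (assumption: Python 3.8+ on OpenSSL 1.1.1+).  While it is
    # False the client does not advertise PHA, so a TLS 1.3 server cannot ask
    # for a certificate after the handshake and an application that only
    # handles client auth during the handshake keeps working.
    ctx.post_handshake_auth = enable_pha
    return ctx


def make_server_context(require_client_cert=True, defer_to_pha=False,
                        certfile=None, keyfile=None):
    """Server context.

    defer_to_pha=False: the client certificate is requested during the
    handshake (TLS 1.2 behaviour) and is available right after it.
    defer_to_pha=True: the server must later call
    request_client_cert_after_handshake() on the connected socket.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:  # no server certificate is embedded in this example
        ctx.load_cert_chain(certfile, keyfile)
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_OPTIONAL
    ctx.post_handshake_auth = defer_to_pha
    return ctx


def request_client_cert_after_handshake(sslsock):
    """Server side: trigger a TLS 1.3 post-handshake CertificateRequest.

    Only valid when both peers opted in; otherwise ssl.SSLError is raised.
    The certificate arrives with the next I/O, so getpeercert() is empty
    until then, which is exactly the assumption the report says TLS 1.2
    servers make.
    """
    sslsock.verify_client_post_handshake()


def describe(ctx):
    """Plain-data view of the settings that decide when client auth happens."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "post_handshake_auth": bool(ctx.post_handshake_auth),
        "tls13_available": ssl.HAS_TLSv1_3,
    }


if __name__ == "__main__":
    print("client (default):", describe(make_client_context()))
    print("client (opt-in): ", describe(make_client_context(enable_pha=True)))
    print("server (default):", describe(make_server_context()))
    print("server (PHA):    ", describe(make_server_context(defer_to_pha=True)))
```

The point of keeping the flag separate from `verify_mode` is that a TLS 1.2-era application which only ever set the verify mode and callback gets the old timing unchanged, while an application that has been written to handle a certificate request during application data turns the flag on for both contexts and then drives the request itself.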