Add client_cert_optional to tlcp/tls12

2026-06-20 03:44:15 +08:00 · 2026-06-17 16:42:29 +08:00
parent 765e4d7747
commit b0e5c4aa1b
10 changed files with 30 additions and 16 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -819,7 +819,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1083")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1084")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
--- a/include/gmssl/tls.h
+++ b/include/gmssl/tls.h
@@ -1441,7 +1441,7 @@ int tls13_record_get_handshake_certificate_request(const uint8_t *record,
 	const uint8_t **exts, size_t *exts_len);
 int tls13_certificate_request_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen);
-int tls13_ctx_enable_client_certificate_optional(TLS_CTX *ctx, int enable);
+int tls_ctx_enable_client_certificate_optional(TLS_CTX *ctx, int enable);
 // EndOfEarlyData
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1083"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1084"
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
--- a/src/tls.c
+++ b/src/tls.c
@@ -3015,6 +3015,16 @@ int tls_ctx_set_key_update_seq_num_limit(TLS_CTX *ctx, size_t max_seq_num)
 	return 1;
 }
 int tls_ctx_enable_client_certificate_optional(TLS_CTX *ctx, int enable)
 {
 	if (!ctx) {
 		error_print();
 		return -1;
 	}
 	ctx->client_certificate_optional = enable ? 1 : 0;
 	return 1;
 }
 static int tls_ctx_get_certificate_chain(const TLS_CTX *ctx, size_t idx,
 	const uint8_t **cert_chain, size_t *cert_chain_len)
 {
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3447,16 +3447,6 @@ int tls13_certificate_request_print(FILE *fp, int fmt, int ind, const uint8_t *d
 	return 1;
 }
 int tls13_ctx_enable_client_certificate_optional(TLS_CTX *ctx, int enable)
 {
 	if (!ctx) {
 		error_print();
 		return -1;
 	}
 	ctx->client_certificate_optional = enable ? 1 : 0;
 	return 1;
 }
 /*
 CertificateVerify
--- a/tools/tlcp_client.c
+++ b/tools/tlcp_client.c
@@ -401,6 +401,13 @@ bad:
 		}
 	}
 	if (client_cert_optional) {
 		if (tls_ctx_enable_client_certificate_optional(&ctx, 1) != 1) {
 			error_print();
 			goto end;
 		}
 	}
 	if (alpn_protocols_cnt) {
 		if (tls_ctx_set_application_layer_protocol_negotiation(&ctx,
 			alpn_protocols, alpn_protocols_cnt) != 1) {
--- a/tools/tls12_client.c
+++ b/tools/tls12_client.c
@@ -386,6 +386,13 @@ bad:
 		}
 	}
 	if (client_cert_optional) {
 		if (tls_ctx_enable_client_certificate_optional(&ctx, 1) != 1) {
 			error_print();
 			goto end;
 		}
 	}
 	if (cacertfile) {
 		if (tls_ctx_set_ca_certificates(&ctx, cacertfile, verify_depth) != 1) {
 			fprintf(stderr, "%s: failed to load CA certificate\n", prog);
--- a/tools/tls12_server.c
+++ b/tools/tls12_server.c
@@ -354,7 +354,7 @@ bad:
 			goto end;
 		}
 		if (client_cert_optional) {
-			if (tls13_ctx_enable_client_certificate_optional(&ctx, 1) != 1) {
+			if (tls_ctx_enable_client_certificate_optional(&ctx, 1) != 1) {
 				error_print();
 				goto end;
 			}
--- a/tools/tls13_client.c
+++ b/tools/tls13_client.c
@@ -600,7 +600,7 @@ bad:
 	// CertificateRequest
 	if (client_cert_optional) {
-		if (tls13_ctx_enable_client_certificate_optional(&ctx, 1) != 1) {
+		if (tls_ctx_enable_client_certificate_optional(&ctx, 1) != 1) {
 			error_print();
 			goto end;
 		}
--- a/tools/tls13_server.c
+++ b/tools/tls13_server.c
@@ -418,7 +418,7 @@ bad:
 			goto end;
 		}
 		if (client_cert_optional) {
-			if (tls13_ctx_enable_client_certificate_optional(&ctx, 1) != 1) {
+			if (tls_ctx_enable_client_certificate_optional(&ctx, 1) != 1) {
 				error_print();
 				goto end;
 			}