Focal's curl 7.68.0-1ubuntu2.6 now supports post-handshake client authentication.
curl \ --tls-max 1.2 \ --cacert ~/.koji/pki/koji-ca.crt \ --cert ~/koji-ansible/koji-tools/admin.crt \ --key ~/koji-ansible/koji-tools/admin.key \ https://localhost/kojihub/ssllogin
However, python-requests on Focal or Groovy still cannot do post-handshake client auth with the default SSLProtocol setting. Sample Python script:
import requests
r = requests.get('https://localhost/kojihub/ssllogin', verify='.koji/pki/koji-ca.crt', cert=('koji-ansible/koji-tools/admin.crt', 'koji-ansible/koji-tools/admin.key')) r.raise_for_status()
The Apache error logs say:
[ssl:error] AH10158: cannot perform post-handshake authentication [ssl:error] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
Applying https://github.com/psf/requests/commit/db47b9b4a0c5877fb97f64ac442757604c4c45cc or updating to hirsute's python3-requests_2.25.1+dfsg-2 does work.
Focal's curl 7.68.0-1ubuntu2.6 now supports post-handshake client authentication.
curl \ pki/koji- ca.crt \ ansible/ koji-tools/ admin.crt \ ansible/ koji-tools/ admin.key \ /localhost/ kojihub/ ssllogin
--tls-max 1.2 \
--cacert ~/.koji/
--cert ~/koji-
--key ~/koji-
https:/
However, python-requests on Focal or Groovy still cannot do post-handshake client auth with the default SSLProtocol setting. Sample Python script:
import requests
r = requests.get('https:/ /localhost/ kojihub/ ssllogin',
verify= '.koji/ pki/koji- ca.crt' ,
cert= ('koji- ansible/ koji-tools/ admin.crt' ,
'koji- ansible/ koji-tools/ admin.key' )) for_status( )
r.raise_
The Apache error logs say:
[ssl:error] AH10158: cannot perform post-handshake authentication SSL_verify_ client_ post_handshake: extension not received
[ssl:error] SSL Library Error: error:14268117:SSL routines:
Applying https:/ /github. com/psf/ requests/ commit/ db47b9b4a0c5877 fb97f64ac442757 604c4c45cc or updating to hirsute's python3- requests_ 2.25.1+ dfsg-2 does work.