Skip to content

Enable opportunistic TLS verification #565

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 29, 2025
Merged

Enable opportunistic TLS verification #565

merged 7 commits into from
Oct 29, 2025

Conversation

@josephnoir
Copy link
Contributor

@josephnoir josephnoir commented Oct 29, 2025

Motivation:

In some scenarios a server might want to accept connections from both, authenticated and not authenticated peers and defer decisions after the handshake. This new options allows a host to only do TLS verificaiton if the peer presents certificates and accept connections otherwise.

Modifications:

Add a new associated value to the none case of
CertificationVerification to maintain backwards compatibility. This option enables opportunistic verification.

Result:

A new configuration case for TLS verification.

josephnoir and others added 4 commits October 27, 2025 17:21
@josephnoir
Enable opportunistic TLS verification
654e381 
Motivation:

In some scenarios a server might want to accept connections from both,
authenticated and not authenticated peers and defer decisions after the
handshake. This new options allows a host to only do TLS
verificaiton if the peer presents certificates and accept connections
otherwise.

Modifications:

Add a new associated value to the `none` case of
`CertificationVerification` to maintain backwards compatibility. This
option enables opportunistic verification.

Result:

A new configuration case for TLS verification.
@aryan-25
Merge branch 'main' into opportunistic-tls-verification
6914827
@aryan-25
Add tests
ddde68b
@aryan-25
Remove redundant default block
52d6bd9
@josephnoir josephnoir added the 🆕 semver/minor Adds new public API. label Oct 29, 2025
@josephnoir josephnoir marked this pull request as ready for review October 29, 2025 13:34
@Lukasa Lukasa merged commit 173cc69 into apple:main Oct 29, 2025
47 of 48 checks passed
@josephnoir josephnoir deleted the opportunistic-tls-verification branch October 29, 2025 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Lukasa Lukasa Lukasa approved these changes

Assignees

No one assigned

Labels

🆕 semver/minor Adds new public API.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@josephnoir @Lukasa @aryan-25