mirror of
https://github.com/openkmip/pykmip
synced 2025-12-31 23:53:52 +00:00
8fd6349152
This change updates the KmipSession, allowing it to extract client identity from the client certificate of a TLS connection. The certificate subject common name is used as the client identity if the certificate has client authentication set in the extended key usage extension. This change breaks backwards compatibility. If a client certificate does not define a client identity, the session will reject it and shutdown the connection. Any client certificates used to connect with the software server in the past will need to be replaced with certificates that define a suitable client identity.