Does ureq supports TLS Client Authentication?

[Geobert]

Hi,

I’m trying to make an HTTPS request on a server that enforce TLS client authentication.

I’m using rustls and rustls-native-certs and configured the client like this:

let client_conf = rustls::ClientConfig::builder()
            .with_safe_defaults()
            .with_root_certificates(root_store)
            .with_client_auth_cert(certs, key)
            .map_err(|err| err.to_string());

let agent = ureq::AgentBuilder::new().tls_config(client_config).build();

Then I do my HTTPS request with this agent but I get this error:

Network Error: Error encountered in the status line: received fatal alert: CertificateRequired

[jsha]

Yes, what you're doing should be exactly right, by my reading. Does the same certificate and private key work with another client (e.g. curl)?

Can you run with debug logging turned on? Add env_logger as a dependency, run env_logger::init() in main, and run with RUST_LOG=debug.

[Geobert]

Thanks for the answer! As it’s the first time I use ureq I wanted to make sure that it supports it before digging in my test env, I must have made something wrong :)

[jsha]

By the way, reading https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.2.4 I was trying to figure out whether a server would send certificate_required / CertificateRequired for an invalid certificate, or just a missing one. It's not totally clear what the spec says, so it seems entirely possible the server is simply rejecting your client certificate.