Description of problem:
Enabling TLS 1.3 post handshake auth also enables cert chain validation. OpenSSL documents SSL_VERIFY_POST_HANDSHAKE as ignored for client side. However tls_process_server_certificate in the client state machine code does not ignore the flag and checks for a correct cert chain.
see https://github.com/openssl/openssl/issues/9259 and https://github.com/openssl/openssl/blob/743694a6c29e5a6387819523fad5e3b7e613f1ee/ssl/statem/statem_clnt.c#L1899-L1918
Version-Release number of selected component (if applicable):
Steps to Reproduce:
See test case https://github.com/python/cpython/blob/fc1fbe6099e826e8304eadf781af7c10d739fc40/Lib/test/test_ssl.py#L4437-L4466
SSL/TLS connection fails with cert validation error
SSL/TLS connection should not fail with a cert validation error when verify mode is set to CERT_NONE
could you please add a doc type/text here?
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.