The thing is that the same setup with an RSA key-pair set signed client certificate works fine. But the ed25519 setup fails.
A reproducible code example:
git@github.com:unegare/ed25519okhttpExample.git
Running it against an openssl s_server results in the following error:
$ openssl s_server -cert ./ed25519_cert_1.pem -key ./ed25519_key_1.pem -Verify 1 -accept 0.0.0.0:3000 -www
verify depth is 1, must return a certificate
Using default temp DH parameters
ACCEPT
4017FB7DA17D0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:../ssl/t1_lib.c:3252:
or
$ openssl s_server -cert ./ed25519_cert_1.pem -key ./ed25519_key_1.pem -Verify 1 -accept 0.0.0.0:3000 -www
verify depth is 1, must return a certificate
Using default temp DH parameters
ACCEPT
4017FB7DA17D0000:error:0A0000C7:SSL routines:tls_process_client_certificate:peer did not return a certificate:../ssl/statem/statem_srvr.c:3509: