Authentication
The last three messages that the server and client send to each other in a TLS handshake are Certificate, CertificateVerify, and Finished.
Certificate
This message contains the authentication certificate and any other supporting certificates in the
certificate chain. The server must send this message if the key exchange method uses certificates
for authentication. The client must send this if and only if the server requested client
authentication through a CertificateRequest message. The certificate message includes the following fields:
certificate_list
: This field contains a sequence of CertificateEntry structures, each containing a single certificate and a set of extensions.
extensions
: Extensions that the Certificate message may contain include the following:
status_request
: See Determine X.509 certificate revocation status with OCSP
signed_certificate_timestamp
: TLS clients won’t accept certificates unless they are logged. When a valid certificate is submitted to a log, the log must return a Signed Certificate Timestamp (SCT); see RFC 6962: Certificate Transparency.
CertificateVerify
This message contains a signature over the entire handshake using the private key corresponding
to the public key in the Certificate message. It provides proof that the client or the server has
the private key corresponding to its certificate. This message includes the following fields:
algorithm
: This field contains the signature algorithm used.
signature
: This field contains the digital signature produced with that algorithm.
Finished
This message contains a Message Authentication Code (MAC) over the entire handshake. Once the client and server have verified the Finished messages that they have received from their peers, both sides may send and receive application data over the connection.
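How CertificateVerify and Finished each cover the entire handshake, as an added example that is not part of the original page. It assumes TLS 1.3 as specified in RFC 8446 with SHA-256 as the cipher-suite hash; `BASE_KEY` and the `TRANSCRIPT` byte strings are constructed placeholders, not real handshake encodings or secrets.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256          # assumption: cipher suite uses SHA-256
HASH_LEN = HASH().digest_size


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1), single output block only."""
    if length > HASH_LEN:
        raise ValueError("this sketch only derives up to one hash block")
    full_label = b"tls13 " + label
    info = (struct.pack(">H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    # HKDF-Expand, first block: T(1) = HMAC(PRK, info || 0x01)
    return hmac.new(secret, info + b"\x01", HASH).digest()[:length]


def transcript_hash(messages):
    """Hash of the concatenated handshake messages seen so far."""
    return HASH(b"".join(messages)).digest()


def certificate_verify_input(messages, role="server"):
    """Bytes the Certificate owner signs: 64 spaces, context, 0x00, hash."""
    context = b"TLS 1.3, " + role.encode() + b" CertificateVerify"
    return b"\x20" * 64 + context + b"\x00" + transcript_hash(messages)


def finished_verify_data(base_key, messages):
    """MAC carried in Finished: HMAC(finished_key, transcript hash)."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH_LEN)
    return hmac.new(finished_key, transcript_hash(messages), HASH).digest()


def check_finished(base_key, messages, received):
    """Constant-time comparison of the peer's Finished against our own view."""
    return hmac.compare_digest(finished_verify_data(base_key, messages), received)


# Constructed sample values (placeholders, not real TLS records or secrets).
BASE_KEY = bytes(range(32))
TRANSCRIPT = [b"ClientHello", b"ServerHello", b"EncryptedExtensions",
              b"Certificate", b"CertificateVerify"]
```

Because both values are derived from the transcript hash, a change to any earlier handshake message makes the signature check or the Finished comparison fail on the receiving side.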