How to get certificate for custom validation?

[xlc]

I need to have some custom cert validation logic for both side of the connection. I am using QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION | QUIC_CREDENTIAL_FLAG_INDICATE_CERTIFICATE_RECEIVED | QUIC_CREDENTIAL_FLAG_USE_PORTABLE_CERTIFICATES for credential flags for server and server_flags | QUIC_CREDENTIAL_FLAG_CLIENT for client.

I am using QUIC_CREDENTIAL_TYPE_CERTIFICATE_PKCS12 for credential type for both server and client.

I did receive the certificate in QUIC_CONNECTION_EVENT_PEER_CERTIFICATE_RECEIVED for the client. However, I received NULL certification on the server side.

Did I miss some flags to allow me to get the certificate on server side?

I am testing this in a unit test so both client and server are in a same process sharing the same API table and registration. A same PKCS12 key is used for both server and client. Not sure if those matters.

[anrossi]

The server needs to also use the QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION flag to request the certificate from the client; otherwise, the client will not send the certificate, even if configured with one.
See here: https://github.com/microsoft/msquic/blob/main/docs/api/QUIC_CREDENTIAL_CONFIG.md

[xlc]

Thanks. That got it working.