0001-Use-patched-bearssl-flag-to-force-CertificateRequest.patch (850B)
1 From 430580cf1df1fe85f7401ebf3e0005b9f72bfac7 Mon Sep 17 00:00:00 2001
2 From: Michael Forney <mforney@mforney.org>
3 Date: Thu, 13 May 2021 22:17:56 -0700
4 Subject: [PATCH] Use patched bearssl flag to force CertificateRequest
5
6 ---
7 tls_server.c | 7 +------
8 1 file changed, 1 insertion(+), 6 deletions(-)
9
10 diff --git a/tls_server.c b/tls_server.c
11 index 87bf4f4..f03d326 100644
12 --- a/tls_server.c
13 +++ b/tls_server.c
14 @@ -332,12 +332,7 @@ tls_accept_common(struct tls *ctx)
15 if (tls_configure_x509(conn_ctx) != 0)
16 goto err;
17
18 - if (ctx->config->ca_len == 0) {
19 - tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
20 - "cannot verify client without trust anchors");
21 - goto err;
22 - }
23 -
24 + flags |= BR_OPT_REQUEST_CLIENT_CERT;
25 br_ssl_server_set_trust_anchor_names_alt(&conn_ctx->conn->u.server,
26 ctx->config->ca, ctx->config->ca_len);
27
28 --
29 2.49.0
30
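Review bot: Removing the `ca_len == 0` check in tls_accept_common turns a fail-closed configuration error into a silent pass-through: a server with no trust anchors now sets `BR_OPT_REQUEST_CLIENT_CERT` and calls `br_ssl_server_set_trust_anchor_names_alt` with an empty anchor list. How a presented client certificate is then treated depends on the X.509 engine set up in `tls_configure_x509` and on the patched BearSSL, neither of which is visible in this hunk. If the intent is that the application authenticates the peer itself, say so at this spot, e.g. `/* ca_len may be 0: the certificate is requested but chains to no anchor; the caller must authenticate the peer itself */`. Going by the subject line, `BR_OPT_REQUEST_CLIENT_CERT` is not in stock BearSSL, so a comment naming the required library patch would help anyone building against an unpatched copy. The function body, and the declaration and later use of `flags`, lie outside the hunk.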