0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch (822B)
1 From ce2e99a74f9216fa5783a6bc943c228788fd469c Mon Sep 17 00:00:00 2001
2 From: Michael Forney <mforney@mforney.org>
3 Date: Thu, 13 May 2021 22:17:56 -0700
4 Subject: [PATCH] Use patched bearssl flag to force CertificateRequest
5
6 ---
7 tls_server.c | 6 +-----
8 1 file changed, 1 insertion(+), 5 deletions(-)
9
10 diff --git a/tls_server.c b/tls_server.c
11 index 2436036..7f578b8 100644
12 --- a/tls_server.c
13 +++ b/tls_server.c
14 @@ -339,11 +339,7 @@ tls_accept_common(struct tls *ctx)
15 if (tls_configure_x509(conn_ctx) != 0)
16 goto err;
17
18 - if (ctx->config->ca_len == 0) {
19 - tls_set_errorx(ctx, "cannot verify client without trust anchors");
20 - goto err;
21 - }
22 -
23 + flags |= BR_OPT_REQUEST_CLIENT_CERT;
24 br_ssl_server_set_trust_anchor_names_alt(&conn_ctx->conn->u.server,
25 ctx->config->ca, ctx->config->ca_len);
26
27 --
28 2.31.1
29
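Review bot: With the `ca_len == 0` guard removed, a server that asks for client certificates but has no trust anchors now proceeds with the handshake instead of failing early in tls_accept_common. Rejecting the client then depends entirely on the X.509 validation set up by tls_configure_x509, which is outside this hunk. It is worth confirming that an empty anchor set makes every client chain fail validation, and that only configurations which intentionally skip or relax client verification (presumably the motivation here) reach this point with zero anchors. `BR_OPT_REQUEST_CLIENT_CERT` comes from a patched BearSSL per the subject line, and the place where `flags` is applied to the engine is not visible, so I would add a comment on the new line such as `/* patched BearSSL: send CertificateRequest even with no trust anchor names; chain validation must still fail closed */`. The enclosing function starts and ends outside the hunk.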