[openssl-users] sendmail, openssl 1.1.1, tls1.3

Viktor Dukhovni openssl-users at dukhovni.org
Wed Nov 14 02:55:48 UTC 2018


> On Nov 13, 2018, at 9:45 PM, Claus Assmann <ca+ssl-users at esmtp.org> wrote:
> 
> I'm a bit confused why this happens -- the OpenSSL documentation
> states:
> ------------------------------------------------------------
>    SSL_CTX_set_client_CA_list() sets the list of CAs sent to the client
>    when requesting a client certificate for ctx. Ownership of list is
> ...
> ------------------------------------------------------------

In 1.1.1 (rather than the upcoming 1.1.1a) that was just one of the things
it did.

> Does SSL_CTX_set_client_CA_list() also set the list of CAs sent by
> the client (a brief look at the source code seems to confirm that,
> but I don't understand the code well enough)?

Yes, that's the case in 1.1.1 (but not the upcoming 1.1.1a).

> Or what other function
> sets that list? sendmail does not use SSL_CTX_set0_CA_list().

https://github.com/openssl/openssl/pull/7503

-- 
	Viktor.


