[openssl-dev] Client Certificate sent though SSL client is configured with NO authentication

Satish.KumarYarru at cognizant.com
Sat Jan 3 06:44:28 UTC 2015


Hi,

I have configured my SSL client with VERIFY_NONE.
But when I perform a handshake with an SSL server that is configured with "Dual Authentication", the client is still sending the client certificate for the Certificate Request sent by client.

But ideally the client should not send a certificate, as the SSL client is configured with NO authentication. Correct me if I am wrong.
When I debugged, I found the client is sending the certificate because the client certificate is NOT unloaded from the SSL context when the client is configured with VERIFY_NONE.

OpenSSL is not providing any API to unload a certificate from the SSL context. Can you please help me with how to address this issue?


Regards,
Satish