[openssl-users] Preventing Handshake Termination Because of Unverifiable Client Certificates
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Sep 11 07:27:17 UTC 2018
> On Sep 11, 2018, at 2:25 AM, Armen Babikyan <armen.babikyan at gmail.com> wrote:
>
> I realized that something like this could be an option a few minutes after I hit "send". Thanks for the confirmation - I'll give this a shot!
You should also consider what if anything you want to pass to
SSL_CTX_set_client_CA_list(3)
See the docs. Some clients (IIRC Java's TLS stack) don't send any
client certificates unless the server solicits a certificate from
a matching CA, and leaving the list empty may not work for such
clients.
--
Viktor.
More information about the openssl-users
mailing list