logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0001-Use-patched-bearssl-flag-to-force-CertificateRequest.patch (850B)

    

  1. From 430580cf1df1fe85f7401ebf3e0005b9f72bfac7 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Thu, 13 May 2021 22:17:56 -0700
  4. Subject: [PATCH] Use patched bearssl flag to force CertificateRequest
  6. ---
  7.  tls_server.c | 7 +------
  8.  1 file changed, 1 insertion(+), 6 deletions(-)
  10. diff --git a/tls_server.c b/tls_server.c
  11. index 87bf4f4..f03d326 100644
  12. --- a/tls_server.c
  13. +++ b/tls_server.c
  14. @@ -332,12 +332,7 @@ tls_accept_common(struct tls *ctx)
  15.  		if (tls_configure_x509(conn_ctx) != 0)
  16.  			goto err;
  17.  
  18. -		if (ctx->config->ca_len == 0) {
  19. -			tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
  20. -			    "cannot verify client without trust anchors");
  21. -			goto err;
  22. -		}
  23. -
  24. +		flags |= BR_OPT_REQUEST_CLIENT_CERT;
  25.  		br_ssl_server_set_trust_anchor_names_alt(&conn_ctx->conn->u.server,
  26.  		    ctx->config->ca, ctx->config->ca_len);
  27.  
  28. -- 
  29. 2.49.0