logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch (822B)

    

  1. From ce2e99a74f9216fa5783a6bc943c228788fd469c Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Thu, 13 May 2021 22:17:56 -0700
  4. Subject: [PATCH] Use patched bearssl flag to force CertificateRequest
  6. ---
  7.  tls_server.c | 6 +-----
  8.  1 file changed, 1 insertion(+), 5 deletions(-)
  10. diff --git a/tls_server.c b/tls_server.c
  11. index 2436036..7f578b8 100644
  12. --- a/tls_server.c
  13. +++ b/tls_server.c
  14. @@ -339,11 +339,7 @@ tls_accept_common(struct tls *ctx)
  15.  		if (tls_configure_x509(conn_ctx) != 0)
  16.  			goto err;
  17.  
  18. -		if (ctx->config->ca_len == 0) {
  19. -			tls_set_errorx(ctx, "cannot verify client without trust anchors");
  20. -			goto err;
  21. -		}
  22. -
  23. +		flags |= BR_OPT_REQUEST_CLIENT_CERT;
  24.  		br_ssl_server_set_trust_anchor_names_alt(&conn_ctx->conn->u.server,
  25.  		    ctx->config->ca, ctx->config->ca_len);
  26.  
  27. -- 
  28. 2.31.1