logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch (822B)


  1. From ce2e99a74f9216fa5783a6bc943c228788fd469c Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Thu, 13 May 2021 22:17:56 -0700
  4. Subject: [PATCH] Use patched bearssl flag to force CertificateRequest
  5. ---
  6. tls_server.c | 6 +-----
  7. 1 file changed, 1 insertion(+), 5 deletions(-)
  8. diff --git a/tls_server.c b/tls_server.c
  9. index 2436036..7f578b8 100644
  10. --- a/tls_server.c
  11. +++ b/tls_server.c
  12. @@ -339,11 +339,7 @@ tls_accept_common(struct tls *ctx)
  13. if (tls_configure_x509(conn_ctx) != 0)
  14. goto err;
  15. - if (ctx->config->ca_len == 0) {
  16. - tls_set_errorx(ctx, "cannot verify client without trust anchors");
  17. - goto err;
  18. - }
  19. -
  20. + flags |= BR_OPT_REQUEST_CLIENT_CERT;
  21. br_ssl_server_set_trust_anchor_names_alt(&conn_ctx->conn->u.server,
  22. ctx->config->ca, ctx->config->ca_len);
  23. --
  24. 2.31.1