0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch (822B)
- From ce2e99a74f9216fa5783a6bc943c228788fd469c Mon Sep 17 00:00:00 2001
- From: Michael Forney <mforney@mforney.org>
- Date: Thu, 13 May 2021 22:17:56 -0700
- Subject: [PATCH] Use patched bearssl flag to force CertificateRequest
- ---
- tls_server.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
- diff --git a/tls_server.c b/tls_server.c
- index 2436036..7f578b8 100644
- --- a/tls_server.c
- +++ b/tls_server.c
- @@ -339,11 +339,7 @@ tls_accept_common(struct tls *ctx)
- if (tls_configure_x509(conn_ctx) != 0)
- goto err;
- - if (ctx->config->ca_len == 0) {
- - tls_set_errorx(ctx, "cannot verify client without trust anchors");
- - goto err;
- - }
- -
- + flags |= BR_OPT_REQUEST_CLIENT_CERT;
- br_ssl_server_set_trust_anchor_names_alt(&conn_ctx->conn->u.server,
- ctx->config->ca, ctx->config->ca_len);
- --
- 2.31.1