[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 138/282: GnuTLS: Always send client cert
From: |
gnunet |
Subject: |
[gnurl] 138/282: GnuTLS: Always send client cert |
Date: |
Wed, 01 Apr 2020 14:30:03 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 41fcb4f609d41b55956865b5927cfc0beba81671
Author: jethrogb <address@hidden>
AuthorDate: Thu Feb 20 20:36:25 2020 +0100
GnuTLS: Always send client cert
TLS servers may request a certificate from the client. This request
includes a list of 0 or more acceptable issuer DNs. The client may use
this list to determine which certificate to send. GnuTLS's default
behavior is to not send a client certificate if there is no
match. However, OpenSSL's default behavior is to send the configured
certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL
behavior.
Authored-by: jethrogb on github
Fixes #1411
Closes #4958
---
lib/vtls/gtls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 3737d7c68..955f1ee35 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -664,7 +664,7 @@ gtls_connect_step1(struct connectdata *conn,
}
/* Initialize TLS session as a client */
- init_flags = GNUTLS_CLIENT;
+ init_flags = GNUTLS_CLIENT | GNUTLS_FORCE_CLIENT_CERT;
#if defined(GNUTLS_NO_TICKETS)
/* Disable TLS session tickets */
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 122/282: multi: if Curl_readwrite sets 'comeback' use expire, not loop, (continued)
- [gnurl] 122/282: multi: if Curl_readwrite sets 'comeback' use expire, not loop, gnunet, 2020/04/01
- [gnurl] 119/282: TODO: Paged searches on LDAP server, gnunet, 2020/04/01
- [gnurl] 133/282: HTTP-COOKIES: mention that a trailing newline is required, gnunet, 2020/04/01
- [gnurl] 130/282: SOCKS: fix typo in printf formatting, gnunet, 2020/04/01
- [gnurl] 127/282: altsvc: make saving the cache an atomic operation, gnunet, 2020/04/01
- [gnurl] 129/282: CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section, gnunet, 2020/04/01
- [gnurl] 135/282: win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256 functions, gnunet, 2020/04/01
- [gnurl] 142/282: md4: Fixed compilation issues when using GNU TLS gcrypt, gnunet, 2020/04/01
- [gnurl] 131/282: tool_util: Improve Windows version of tvnow(), gnunet, 2020/04/01
- [gnurl] 128/282: docs/GOVERNANCE: refreshed + added "donations" and "commercial support", gnunet, 2020/04/01
- [gnurl] 138/282: GnuTLS: Always send client cert,
gnunet <=
- [gnurl] 134/282: connect: remove some spurious infof() calls, gnunet, 2020/04/01
- [gnurl] 136/282: cleanup: comment typos, gnunet, 2020/04/01
- [gnurl] 139/282: gtls: fix the copyright year, gnunet, 2020/04/01
- [gnurl] 132/282: nit: Copyright year out of date, gnunet, 2020/04/01
- [gnurl] 137/282: github action: add CIFuzz, gnunet, 2020/04/01
- [gnurl] 141/282: RELEASE-NOTES: synced, gnunet, 2020/04/01
- [gnurl] 143/282: tests: Added a unit test for SHA256 digest generation, gnunet, 2020/04/01
- [gnurl] 144/282: digest: Corrected the name of the local HTTP digest function, gnunet, 2020/04/01
- [gnurl] 146/282: ntlm: Removed the dependency on the TLS libaries when using MD5, gnunet, 2020/04/01
- [gnurl] 147/282: test1610: Fixed the link to the unit test, gnunet, 2020/04/01