diff options
| author | jethrogb <github@jbeekman.nl> | 2020-02-20 20:36:25 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-02-21 15:33:36 +0100 |
| commit | 41fcb4f609d41b55956865b5927cfc0beba81671 (patch) | |
| tree | b8d82526809f07091a16d89aee860abc9aad832d | |
| parent | 7224e70f40a45b155d8e5e58f55c8972d07369e7 (diff) | |
GnuTLS: Always send client cert
TLS servers may request a certificate from the client. This request
includes a list of 0 or more acceptable issuer DNs. The client may use
this list to determine which certificate to send. GnuTLS's default
behavior is to not send a client certificate if there is no
match. However, OpenSSL's default behavior is to send the configured
certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL
behavior.
Authored-by: jethrogb on github
Fixes #1411
Closes #4958
| -rw-r--r-- | lib/vtls/gtls.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 3737d7c68..955f1ee35 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -664,7 +664,7 @@ gtls_connect_step1(struct connectdata *conn, } /* Initialize TLS session as a client */ - init_flags = GNUTLS_CLIENT; + init_flags = GNUTLS_CLIENT | GNUTLS_FORCE_CLIENT_CERT; #if defined(GNUTLS_NO_TICKETS) /* Disable TLS session tickets */ |