From 41fcb4f609d41b55956865b5927cfc0beba81671 Mon Sep 17 00:00:00 2001 From: jethrogb Date: Thu, 20 Feb 2020 20:36:25 +0100 Subject: GnuTLS: Always send client cert TLS servers may request a certificate from the client. This request includes a list of 0 or more acceptable issuer DNs. The client may use this list to determine which certificate to send. GnuTLS's default behavior is to not send a client certificate if there is no match. However, OpenSSL's default behavior is to send the configured certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL behavior. Authored-by: jethrogb on github Fixes #1411 Closes #4958 --- lib/vtls/gtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/vtls') diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 3737d7c68..955f1ee35 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -664,7 +664,7 @@ gtls_connect_step1(struct connectdata *conn, } /* Initialize TLS session as a client */ - init_flags = GNUTLS_CLIENT; + init_flags = GNUTLS_CLIENT | GNUTLS_FORCE_CLIENT_CERT; #if defined(GNUTLS_NO_TICKETS) /* Disable TLS session tickets */ -- cgit v1.2.3