authorMichael Forney <mforney@mforney.org>2021-05-14 23:21:46 -0700
committerMichael Forney <mforney@mforney.org>2021-05-15 01:53:56 -0700
commit1f9c9197b068db149ec83ad871e20bbad7a9e137 (patch)
tree3fd69edc158f4cce05f7db1c20716d5df7d3edc5 /pkg/libtls-bearssl/patch
parent4c05c5cc7955d7d676a18f01be1060b3faa29a77 (diff)
libtls-bearssl: Use patched bearssl flag to force CertificateRequest with verify_client==1
Diffstat (limited to 'pkg/libtls-bearssl/patch')
-rw-r--r--pkg/libtls-bearssl/patch/0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/pkg/libtls-bearssl/patch/0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch b/pkg/libtls-bearssl/patch/0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch
new file mode 100644
index 00000000..ee88bdda
--- /dev/null
+++ b/pkg/libtls-bearssl/patch/0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch
@@ -0,0 +1,29 @@
+From ce2e99a74f9216fa5783a6bc943c228788fd469c Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Thu, 13 May 2021 22:17:56 -0700
+Subject: [PATCH] Use patched bearssl flag to force CertificateRequest
+
+---
+ tls_server.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/tls_server.c b/tls_server.c
+index 2436036..7f578b8 100644
+--- a/tls_server.c
++++ b/tls_server.c
+@@ -339,11 +339,7 @@ tls_accept_common(struct tls *ctx)
+ if (tls_configure_x509(conn_ctx) != 0)
+ goto err;
+
+- if (ctx->config->ca_len == 0) {
+- tls_set_errorx(ctx, "cannot verify client without trust anchors");
+- goto err;
+- }
+-
++ flags |= BR_OPT_REQUEST_CLIENT_CERT;
+ br_ssl_server_set_trust_anchor_names_alt(&conn_ctx->conn->u.server,
+ ctx->config->ca, ctx->config->ca_len);
+
+--
+2.31.1
+
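Review bot: Dropping the `ca_len == 0` guard in `tls_accept_common` lets a server with client verification enabled and no trust anchors continue into the handshake, and nothing visible in this hunk shows what rejects a client chain in that configuration. Presumably the X.509 engine set up by `tls_configure_x509` fails validation when it has no anchors, but that should be confirmed and recorded above the new line, e.g. `/* ca_len may be 0: the X.509 engine must reject every chain unless verification was explicitly disabled */`. The new `flags |= BR_OPT_REQUEST_CLIENT_CERT;` is unconditional within the lines shown, while the commit title ties it to verify_client==1; the enclosing condition lies outside the hunk, so it is worth checking that the optional-verification mode is meant to force the request too. Because the flag exists only in the patched bearssl, a short comment naming that dependency would help, and the patch's empty message body should carry the rationale for removing the check.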