On Mon, May 22, 2006 at 07:43:15PM +0200, Marek Marcola wrote:
> When server sends CertificateRequest to client, client may ignore
> this or respond with full client authentication.
>
> Some other application use different way in authentication clients.
> When client connects, there is no need to authentication and client
> can do all actions that no required authentication (and for many
> clients this is enough). But when client wants to do action that
> requires authentication, server initiates SSL re-handshake with
> requesting client certificate (and CertificateVerify information).
In my case I don't know who the special clients are, until they send
their credentials. Only the clients know in advance that they are special.
Is it possible for a client to unilaterally provide credentials without
the server explicitly requesting them? If that were possible, I could
stop requesting credentials from all clients.
I can also operate a separate service port for clients that need to
send credentials, but if I can avoid it, and not lose connectivity
with misconfigured clients, I'd like to explore that option.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
