Do I need to say no calls to SSL_CTX_set_client_CA_list() nor any of the three related functions listed on the man page?
Charles From: Charles Mills [mailto:charl...@mcn.org] Sent: Sunday, December 2, 2018 4:38 PM To: 'openssl-users@openssl.org' Subject: Question on necessity of SSL_CTX_set_client_CA_list I have an OpenSSL (v1.1.0f) server application that processes client certificates. The doc for SSL_CTX_load_verify_locations() states "In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of CAfile or CApath and must explicitly be set using the SSL_CTX_set_client_CA_list family of functions." The application makes no calls to SSL_CTX_set_client_CA_list() yet receives client certificates without errors. Can someone please explain the discrepancy. I'm especially wondering if I have set a trap that will spring down the road: "yes it works, but if a user does X then it will not work." Thanks! Charles
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
