Viktor,
Despite being a protocol violation, it is accepted by OpenSSL's server
implementation.
But I do see now that this is indeed covered by RFC 5246. Sorry, I
missed that line in the Client Certificate section.
On Wed, Aug 13, 2014 at 1:48 AM, Salz, Rich rs...@akamai.com wrote:
[ Redirecting to openssl-users ]
On Wed, Aug 13, 2014 at 01:05:24AM +0400, Fedor Indutny wrote:
I just discovered that there is no way to force the OpenSSL SSL client to send
a Certificate record if the server hasn't sent a CertificateRequest.
That would be a TLS protocol violation.
Would a patch that
There is no need for an API for a non-interoperable feature that would
violate the TLS protocol:
https://tools.ietf.org/html/rfc5246#section-7.4.6
Perhaps more usefully, see
http://datatracker.ietf.org/doc/draft-thomson-tls-care/
This will almost definitely be part of TLS 1.3. Note