Request a TLS client certificate even if no peer identity is given
authorMartin Willi <martin@revosec.ch>
Thu, 28 Feb 2013 11:34:53 +0000 (12:34 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 28 Feb 2013 15:46:08 +0000 (16:46 +0100)
This allows a peer to perform client authentication if it wants, but skip
it if not.

src/libtls/tls_server.c

index a85a00c..6615a37 100644 (file)
@@ -984,11 +984,7 @@ METHOD(tls_handshake_t, build, status_t,
                        }
                        /* otherwise fall through to next state */
                case STATE_KEY_EXCHANGE_SENT:
-                       if (this->peer)
-                       {
-                               return send_certificate_request(this, type, writer);
-                       }
-                       /* otherwise fall through to next state */
+                       return send_certificate_request(this, type, writer);
                case STATE_CERTREQ_SENT:
                        return send_hello_done(this, type, writer);
                case STATE_CIPHERSPEC_CHANGED_OUT:
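Review bot: With the `if (this->peer)` guard gone at `case STATE_KEY_EXCHANGE_SENT`, every handshake now sends a certificate request, so whether client authentication is mandatory or optional is decided entirely by the code that handles the client's Certificate message, which is outside this hunk. That code should be confirmed to fail the handshake on an empty or unverifiable certificate whenever `this->peer` is set, and, when it is not set, to never report an offered but unverified certificate identity to the upper layer as authenticated. If this server can negotiate anonymous cipher suites (not visible here), the request would need to be skipped for them, since RFC 5246 treats a CertificateRequest from an anonymous server as a fatal handshake failure. A comment at the case would record the intent, for example `/* always request a client certificate; it is mandatory only if this->peer is set */`. The `build` method starts and ends outside the hunk.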