* Did we receive the curves from the client?
*/
bool curves_received;
+
+ /**
+ * Whether to include CAs in CertificateRequest messages
+ */
+ bool send_certreq_authorities;
};
/**
this->crypto->get_signature_algorithms(this->crypto, writer, TRUE);
}
- write_certificate_authorities(writer);
+ if (this->send_certreq_authorities)
+ {
+ write_certificate_authorities(writer);
+ }
+ else
+ {
+ writer->write_data16(writer, chunk_empty);
+ }
}
else
{
writer->write_uint8(writer, 0);
extensions = bio_writer_create(32);
- DBG2(DBG_TLS, "sending extension: %N",
- tls_extension_names, TLS_EXT_CERTIFICATE_AUTHORITIES);
- authorities = bio_writer_create(64);
- write_certificate_authorities(authorities);
- extensions->write_uint16(extensions, TLS_EXT_CERTIFICATE_AUTHORITIES);
- extensions->write_data16(extensions, authorities->get_buf(authorities));
- authorities->destroy(authorities);
+
+ if (this->send_certreq_authorities)
+ {
+ DBG2(DBG_TLS, "sending extension: %N",
+ tls_extension_names, TLS_EXT_CERTIFICATE_AUTHORITIES);
+ authorities = bio_writer_create(64);
+ write_certificate_authorities(authorities);
+ extensions->write_uint16(extensions, TLS_EXT_CERTIFICATE_AUTHORITIES);
+ extensions->write_data16(extensions, authorities->get_buf(authorities));
+ authorities->destroy(authorities);
+ }
DBG2(DBG_TLS, "sending extension: %N",
tls_extension_names, TLS_EXT_SIGNATURE_ALGORITHMS);
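Review bot: The disabled case is handled differently in the two branches and neither carries a comment saying why: the first branch still emits a zero-length vector with `writer->write_data16(writer, chunk_empty);`, while the extensions branch simply omits TLS_EXT_CERTIFICATE_AUTHORITIES. Both appear correct for their wire formats, but a short comment would keep a later cleanup from "unifying" them, e.g. `/* the certificate_authorities field is mandatory here, so send it empty */` above the write_data16 call. It would also help troubleshooting to log the omission, for instance `DBG2(DBG_TLS, "not sending certificate authorities");` in the disabled path, because a client that selects no certificate otherwise leaves no hint in the server log. The enclosing function starts and ends outside the hunk.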
.state = STATE_INIT,
.peer_auth = auth_cfg_create(),
.server_auth = auth_cfg_create(),
+ .send_certreq_authorities = lib->settings->get_bool(lib->settings,
+ "%s.tls.send_certreq_authorities",
+ TRUE, lib->ns),
);
return &this->public;
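Review bot: The new `%s.tls.send_certreq_authorities` key is read here without any comment on what disabling it does and does not change. From the hunks on this page it only controls whether CA names are advertised in the CertificateRequest; which client certificates are accepted is presumably decided elsewhere and unaffected, and that should be stated so the option is not mistaken for a trust restriction. Suggest `/* only controls the CA hint sent to the client, not which CAs are trusted */` above the initializer, plus a matching entry in the option documentation if this commit does not already add one. The constructor's body starts outside the hunk.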