author: jethrogb <github@jbeekman.nl> 2020-02-20 20:36:25 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2020-02-21 15:33:36 +0100
commit: 41fcb4f609d41b55956865b5927cfc0beba81671
tree: b8d82526809f07091a16d89aee860abc9aad832d
parent: 7224e70f40a45b155d8e5e58f55c8972d07369e7
GnuTLS: Always send client cert

TLS servers may request a certificate from the client. This request includes a list of 0 or more acceptable issuer DNs. The client may use this list to determine which certificate to send. GnuTLS's default behavior is to not send a client certificate if there is no match. However, OpenSSL's default behavior is to send the configured certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL behavior.

Authored-by: jethrogb on github
Fixes #1411
Closes #4958
-rw-r--r-- lib/vtls/gtls.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 3737d7c68..955f1ee35 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -664,7 +664,7 @@ gtls_connect_step1(struct connectdata *conn,
}
/* Initialize TLS session as a client */
- init_flags = GNUTLS_CLIENT;
+ init_flags = GNUTLS_CLIENT | GNUTLS_FORCE_CLIENT_CERT;
#if defined(GNUTLS_NO_TICKETS)
/* Disable TLS session tickets */
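Review bot: `GNUTLS_FORCE_CLIENT_CERT` is ORed into `init_flags` unconditionally on the changed line, while the next flag in the same block is wrapped in `#if defined(GNUTLS_NO_TICKETS)`. If the build still has to work against GnuTLS headers that do not define this flag, the assignment will not compile; consider keeping `init_flags = GNUTLS_CLIENT;` and adding the new flag under `#if defined(GNUTLS_FORCE_CLIENT_CERT)`, mirroring the tickets guard. The comment above the assignment could also say that the configured client certificate is now sent even when it matches none of the server's acceptable issuer DNs, since that is the behaviour change the commit message describes and it is not obvious from the flag name at the call site.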