From 41fcb4f609d41b55956865b5927cfc0beba81671 Mon Sep 17 00:00:00 2001
From: jethrogb <github@jbeekman.nl>
Date: Thu, 20 Feb 2020 20:36:25 +0100
Subject: GnuTLS: Always send client cert

TLS servers may request a certificate from the client. This request
includes a list of 0 or more acceptable issuer DNs. The client may use
this list to determine which certificate to send. GnuTLS's default
behavior is to not send a client certificate if there is no
match. However, OpenSSL's default behavior is to send the configured
certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL
behavior.

Authored-by: jethrogb on github
Fixes #1411
Closes #4958
---
 lib/vtls/gtls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 3737d7c68..955f1ee35 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -664,7 +664,7 @@ gtls_connect_step1(struct connectdata *conn,
   }
 
   /* Initialize TLS session as a client */
-  init_flags = GNUTLS_CLIENT;
+  init_flags = GNUTLS_CLIENT | GNUTLS_FORCE_CLIENT_CERT;
 
 #if defined(GNUTLS_NO_TICKETS)
   /* Disable TLS session tickets */
-- 
cgit v1.2.1