[Devel] Patch: cfg.y bug fix - tls_require_client_certificate has no
effect
phgs at free.fr
phgs at free.fr
Thu Nov 23 15:31:12 CET 2006
Hello,
Issue:
Whatever the value of tls_require_client_certificate, client certificates are
NEVER mandatory to connect using TLS.
I added the following lines in the openser.cfg file:
tls_verify_client = 1
tls_require_client_certificate = 1
But after restarting openser, I still could connect without any client
certificate and I found this message in the openser logs:
Nov 23 15:09:53 localhost openser: TLS: Client verification activated.
Client certificates are NOT mandatory.
Patch:
The value found in the configuration file must be stored in
tls_default_server_domain->require_client_cert instead of
tls_default_client_domain->require_client_cert.
690c690
< tls_default_server_domain->require_client_cert=$3;
---
> tls_default_client_domain->require_client_cert=$3;
Regards,
Philippe
More information about the Devel
mailing list