[Devel] Patch: cfg.y bug fix - tls_require_client_certificate has no effect

phgs at free.fr phgs at free.fr
Thu Nov 23 15:31:12 CET 2006


Hello,


Issue:

Whatever the value of tls_require_client_certificate, client certificates are
NEVER mandatory to connect using TLS.

I added the following lines in the openser.cfg file:

    tls_verify_client = 1
    tls_require_client_certificate = 1

But after restarting openser, I still could connect without any client
certificate and I found this message in the openser logs:

    Nov 23 15:09:53 localhost openser: TLS: Client verification activated.
Client certificates are NOT mandatory.


Patch:

The value found in the configuration file must be stored in
tls_default_server_domain->require_client_cert instead of
tls_default_client_domain->require_client_cert.


690c690
< tls_default_server_domain->require_client_cert=$3;
---
> tls_default_client_domain->require_client_cert=$3;


Regards,
Philippe





More information about the Devel mailing list