[Devel] Patch: cfg.y bug fix - tls_require_client_certificate
has no effect
klaus.mailinglists at pernau.at
Thu Nov 23 16:14:28 CET 2006
This is fixed in stable and CVS (and another small bug which had no
impact at all).
Just a question: certificate validation is turned off by default. IMO
this should be turned on by default.
Thus, I suggest changing the default in openser CVS to "validation=on"
and leave it in stable (1.1.x) as it is "validation=off".
What do you think about that?
Klaus Darilion wrote:
> Thanks - I will take care of it.
> phgs at free.fr wrote:
>> Whatever the value of tls_require_client_certificate, client
>> certificates are
>> NEVER mandatory to connect using TLS.
>> I added the following lines in the openser.cfg file:
>> tls_verify_client = 1
>> tls_require_client_certificate = 1
>> But after restarting openser, I still could connect without any client
>> certificate and I found this message in the openser logs:
>> Nov 23 15:09:53 localhost openser: TLS: Client verification
>> Client certificates are NOT mandatory.
>> The value found in the configuration file must be stored in
>> tls_default_server_domain->require_client_cert instead of
>> < tls_default_server_domain->require_client_cert=$3;
>> Devel mailing list
>> Devel at openser.org
More information about the Devel