Re: SSL_set_client_CA_list(ssl, NULL) problem?

2020-01-08 Thread Claus Assmann
On Fri, Jan 03, 2020, Benjamin Kaduk via openssl-users wrote:
> On Sun, Nov 24, 2019 at 12:05:34PM +0100, Claus Assmann wrote:
> > Seems it is impossible to override the list with NULL for SSL, as
> > the code will then use the list from CTX (if my limited understanding
> > Is this intentional?

Re: SSL_set_client_CA_list(ssl, NULL) problem?

2020-01-03 Thread Benjamin Kaduk via openssl-users
Sorry for the very late response...

On Sun, Nov 24, 2019 at 12:05:34PM +0100, Claus Assmann wrote:
> Seems it is impossible to override the list with NULL for SSL, as
> the code will then use the list from CTX (if my limited understanding
> of the code is correct):
>
> STACK_OF(X509_NAME)

Re: SSL_set_client_CA_list(ssl, NULL) problem?

2019-11-24 Thread Claus Assmann
Seems it is impossible to override the list with NULL for SSL, as
the code will then use the list from CTX (if my limited understanding
of the code is correct):

STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{
...
    if (s->client_CA != NULL)
        return (s->client_CA);

SSL_set_client_CA_list(ssl, NULL) problem?

2019-11-21 Thread Claus Assmann
I'm trying to find what's wrong when I use SSL_set_client_CA_list(ssl, NULL); in a server: openssl s_client still shows "Acceptable client CA names" (those which are previously set using SSL_CTX_load_verify_locations()) instead of the expected "No client certificate CA names sent" which happens