Re: [openssl-users] 'No client certificate CA names sent'

2017-01-31 Thread Viktor Dukhovni
On Tue, Jan 31, 2017 at 08:07:16AM -0700, russellb...@gmail.com wrote:

> It was on the client side. I'm running sendmail as a client
> to relay mail that originates on my computer through gmail.

Gmail's SMTP server, correctly, does not suggest any preferred client CAs.

> When I
> request

Re: [openssl-users] 'No client certificate CA names sent'

2017-01-31 Thread russellbell
Quoth Mr Benjamin Kaduk: 'That's generally the default server behavior when no CAs are configured for that purpose. But, (1) I thought you were looking at the client side, and (2) how to configure the server depends on what software is used on the server, so there's not much more

Re: [openssl-users] 'No client certificate CA names sent'

2017-01-30 Thread Viktor Dukhovni
> On Jan 30, 2017, at 11:44 AM, russellb...@gmail.com wrote:
>
>> it is often wise to send an empty list when requesting client certificates.
>
> How does one send an empty list?

https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_client_CA_list.html

Just pass a NULL stack.

--

Re: [openssl-users] 'No client certificate CA names sent'

2017-01-30 Thread Benjamin Kaduk via openssl-users
On 01/30/2017 10:44 AM, russellb...@gmail.com wrote:

> Quoth Mr Viktor Dukhovni, 'it is often wise to send an empty
> list when requesting client certificates.'
> How does one send an empty list?
>

That's generally the default server behavior when no CAs are configured for that

Re: [openssl-users] 'No client certificate CA names sent'

2017-01-30 Thread russellbell
Quoth Mr Viktor Dukhovni, 'it is often wise to send an empty list when requesting client certificates.'

How does one send an empty list?

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] 'No client certificate CA names sent'

2017-01-29 Thread Viktor Dukhovni
> On Jan 29, 2017, at 11:34 AM, russellb...@gmail.com wrote:
>
> What does this message mean? That I failed to send a client
> certificate CA name? That I failed to receive one? I run
>
> $ openssl s_client -certform gmail.pem -key gmail.key \
> -CAfile cacert.pem -debug -verify 10