https://bz.apache.org/bugzilla/show_bug.cgi?id=64263
--- Comment #3 from Joe Orton <[email protected]> --- Thanks for the report. It looks like SSL_verify_client_post_handshake() returns immediately with SSL_R_EXTENSION_NOT_RECEIVED (=> TLSv1.3 client which does NOT enable PHA) without doing any work, so I think it should be safe to detect that condition, and the "vmode_needed & SSL_VERIFY_FAIL_IF_NO_PEER_CERT" case ("optional" cert required) and then allow optional to work as with <1.3. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
