Martin Rex <[email protected]> wrote:
> The problem with Client certs for smtpd is that basically you will
> have to violate the TLS protocol to not run into connection failures.
>
> SSLv3 and TLSv1.0 *REQUIRE* the TLS server to send a list
> of (acceptable) certificate_authorities (distinguished names)
> in the CertificateRequest handshake message, and sending an empty
> list is a protocol violation.

Right, but the client does not have to present a certificate in response,
and the server can still let the connection proceed.

Tony.
-- 
f.anthony.n.finch  <[email protected]>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
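
The CertificateRequest layout discussed in the quoted text, as an added example that is not part of the original thread: a parser for the SSLv3/TLS 1.0 message body that reports whether the certificate_authorities list meets the 3-byte minimum. The function name, the result keys and the sample bytes are assumptions constructed for illustration.

```python
import struct

# RFC 2246 (TLS 1.0) 7.4.4: certificate_authorities<3..2^16-1>, so the vector
# must hold at least one DistinguishedName (2-byte length + >= 1 byte of DER).
MIN_CA_VECTOR_LEN = 3

def parse_certificate_request(body: bytes) -> dict:
    """Parse an SSLv3/TLS 1.0 CertificateRequest body (hypothetical helper)."""
    if not body:
        raise ValueError("truncated: no certificate_types length")
    n_types = body[0]  # certificate_types<1..2^8-1>: one-byte length prefix
    if n_types < 1 or len(body) < 1 + n_types + 2:
        raise ValueError("bad certificate_types vector")
    cert_types = list(body[1:1 + n_types])
    pos = 1 + n_types
    (ca_len,) = struct.unpack_from("!H", body, pos)  # two-byte length prefix
    pos += 2
    end = pos + ca_len
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    names = []
    while pos < end:
        if end - pos < 2:
            raise ValueError("truncated DistinguishedName length")
        (dn_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if dn_len < 1 or pos + dn_len > end:
            raise ValueError("bad DistinguishedName length")
        names.append(body[pos:pos + dn_len])  # DER-encoded Name, kept opaque
        pos += dn_len
    # An empty list is well-formed on the wire; it is reported, not rejected.
    return {
        "certificate_types": cert_types,
        "authorities": names,
        "tls10_conformant": ca_len >= MIN_CA_VECTOR_LEN,
    }

# Constructed sample data: DER for the single-RDN name "CN=Example CA".
SAMPLE_DN = bytes.fromhex("3015311330110603550403") + b"\x0c\x0aExample CA"
# certificate_types = [rsa_sign(1)], followed by one acceptable CA name.
WITH_CA = (bytes([1, 1]) + struct.pack("!H", 2 + len(SAMPLE_DN))
           + struct.pack("!H", len(SAMPLE_DN)) + SAMPLE_DN)
# Same certificate_types, but a zero-length certificate_authorities vector.
EMPTY_CA = bytes([1, 1]) + b"\x00\x00"

if __name__ == "__main__":
    for label, msg in (("with CA", WITH_CA), ("empty list", EMPTY_CA)):
        print(label, parse_certificate_request(msg))
```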
