This one time, at band camp, Andreas Metzler said: > > This does not happen if the server cert presented is not signed by the > > same CA as the client cert.
eh. I don't know what has changed (some artifact of a puppet driven setup, possibly?) but on returning to it, the clients are now sending their certs to machines with a cert signed by the same ca, and using opportunistic tls without cert exchange otherwise. I'm aesthetically displeased by them not sending their client certs to everyone, but this is no longer a showstopper. Feel free to downgrade or close the report as you deem fit. Cheers, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [email protected] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
