Hi Emmanuel,

This seems to work fine. I've tested with 10000 CA certs, without the option on I get "tcp window full" followed by tls fatal alerts, with the option on the connection works fine.

I haven't tested the crt-list option.

Do you know if it is possible to add this to stable (1.5/1.6)? My guess would be 'no' because it is a new feature, but I'm not sure what your policies are.

Best regards,

Bas

-----Original Message-----
From: Emmanuel Hocdet [mailto:[email protected]]
Sent: Monday 10 July 2017 17:46
To: Wolvers, Bas
Cc: [email protected]
Subject: Re: Feature request: disable CA/distinguished names.

Hi Bas,

> On 10 Jul 2017, at 17:05, Wolvers, Bas <[email protected]> wrote:
>
> Hi Emmanuel,
>
> I finally found time to test your patch.
>
> It works, but you can't seem to turn it off.
> no-ca-names seems to be active regardless of the option in the config file.
>

Oops, I failed the double negation. Fixed patch included.

> I think I'll find time tomorrow to find out if it's the global option or not,
> but my time is a bit limited unfortunately.
>
> Best regards,
>
> Bas

Thanks for testing!

Manu

