Hi, it would be helpful, if you describe your scenario in more details:
Server has some certS, signed by some cas. (I skip possible intermediates). The CAs cert needs to be trustworthy buy the client. So far there is no client cert involved. If the server wants some client cert, it has to be configured to request it by sending a list of acceptable client CA names (or an empty list).
Is this the case? If so, you should see this in a trace; if no, there is no client auth. solve previous step.
If so, are the two client certificates signed by the same CA? If client auth is requested by the server, any of them can be sent.
Does the server perform any kind of authorisation check on the identity of the client? Best Peter Sylvester On 15/08/2023 20:13, Phil Smith III wrote:
Thanks to an off-list suggestion from Charles that I run a gsktrace, I've now proven to my (and his) satisfaction that it does the label lookup and then.never actually uses it after that. So at least I now understand the results, even if they're arguably not quite what it should be doing. Or at least the documentation could improve. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
