When using TLSv1, ADH ciphers and have set a verify callback with a
mode of SSL_VERIFY_PEER, the server sends a Client Certificate. The
client side terminates with
SSL3_GET_CERTIFICATE_REQUEST
tls client cert req with anon cipher
.\ssl\s3_clnt.c:1173
as it should since TLS does not support client certs with anonymous
ciphers. Therefore, the server should not be making the request.
I believe this is a bug in OpenSSL 0.9.4.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
