Can anyone answer this? How do I tell if this is a known problem with OpenSSL or if the RFC is incorrect, or if this is just an accepted deviation?

Erik Tkal
Principal Software Engineer
Funk Software, Inc.
[EMAIL PROTECTED]
978-371-3980x123

"Out the Token Ring, through the router, down the fiber, off a switch, past the firewall, down the T1 ... nothing but Net."

-----------------------

A customer performing interoperability testing sent me a message and indicated that our TLS server was sending a CertificateRequest message with a CAs length of 0, followed by no additional data. This appears to be in violation of section 7.4.4 of RFC 2246, which implies that the certificate_authorities must be at least 3 bytes.

    struct {
        ClientCertificateType certificate_types<1..2^8-1>;
        DistinguishedName certificate_authorities<3..2^16-1>;
    } CertificateRequest;

Is this a bug, and if so, what is the correct way to indicate that you do not wish to hint to the client what CAs to use in selecting a certificate?

BTW, I tried changing the server code to send a 2-byte CAs length of 3, followed by a 2-byte CA1 length of 1, followed by a null byte, but the client didn't like that at all.

Erik Tkal
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
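
The wire layout discussed in the message above, as an added example that is not part of the original post and is not OpenSSL code: a framing check for a CertificateRequest body against the RFC 2246 section 7.4.4 bounds, which reports a zero-length CA list separately from a malformed message. The function name, result codes and sample byte strings are constructed for illustration; the check covers length framing only, not whether each entry is a DER-encoded name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum cr_result { CR_OK, CR_EMPTY_CA_LIST, CR_MALFORMED };

/* Constructed sample bodies (handshake header stripped); type 0x01 = rsa_sign. */
static const uint8_t SAMPLE_EMPTY_CAS[]   = { 0x01, 0x01, 0x00, 0x00 };
static const uint8_t SAMPLE_ONE_NULL_DN[] = { 0x01, 0x01, 0x00, 0x03, 0x00, 0x01, 0x00 };
static const uint8_t SAMPLE_TRUNCATED[]   = { 0x01, 0x01, 0x00, 0x03, 0x00, 0x05, 0x00 };

/* Read a 2-byte big-endian length field. */
static size_t get_u16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Hypothetical helper: validate framing and count DistinguishedName entries. */
enum cr_result parse_cert_request(const uint8_t *p, size_t len, size_t *ca_count)
{
    size_t off = 0, types_len, cas_len, end;

    *ca_count = 0;
    if (len < 1) return CR_MALFORMED;
    types_len = p[off++];                      /* certificate_types<1..2^8-1> */
    if (types_len < 1 || types_len > len - off) return CR_MALFORMED;
    off += types_len;

    if (len - off < 2) return CR_MALFORMED;
    cas_len = get_u16(p + off);                /* certificate_authorities length */
    off += 2;
    if (cas_len != len - off) return CR_MALFORMED;   /* must cover the rest exactly */
    if (cas_len == 0) return CR_EMPTY_CA_LIST;       /* below the <3..> lower bound */

    end = off + cas_len;
    while (off < end) {                        /* each entry: 2-byte length + DN */
        size_t dn_len;
        if (end - off < 2) return CR_MALFORMED;
        dn_len = get_u16(p + off);
        off += 2;
        if (dn_len < 1 || dn_len > end - off) return CR_MALFORMED;
        off += dn_len;
        (*ca_count)++;
    }
    return CR_OK;
}

int main(void)
{
    size_t n;
    printf("empty CA list: %d\n", parse_cert_request(SAMPLE_EMPTY_CAS, sizeof SAMPLE_EMPTY_CAS, &n));
    printf("one null DN:   %d\n", parse_cert_request(SAMPLE_ONE_NULL_DN, sizeof SAMPLE_ONE_NULL_DN, &n));
    printf("truncated:     %d\n", parse_cert_request(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &n));
    return 0;
}
```

The second sample is the 3-byte list described in the message (list length 3, entry length 1, one null byte); it passes the length checks with one entry counted.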