Can anyone answer this? How do I tell if this is a known problem with OpenSSL or if
the RFC is incorrect, or if this is just an accepted deviation?
Erik Tkal
Principal Software Engineer
Funk Software, Inc.
[EMAIL PROTECTED] 978-371-3980x123
"Out the Token Ring, through the router, down the fiber, off
a switch, past the firewall, down the T1 ... nothing but Net."
-----------------------
A customer performing interoperability testing sent me a message and indicated that
our TLS server was sending a CertificateRequest message with a CAs length of 0,
followed by no additional data. This appears to be in violation of section 7.4.4 of
RFC 2246, which implies that the certificate_authorities must be at least 3 bytes.

    struct {
        ClientCertificateType certificate_types<1..2^8-1>;
        DistinguishedName certificate_authorities<3..2^16-1>;
    } CertificateRequest;

Is this a bug, and if so, what is the correct way to indicate that you do not wish to
hint to the client what CAs to use in selecting a certificate?
BTW, I tried changing the server code to send a 2-byte CAs length of 3, followed by a
2-byte CA1 length of 1, followed by a null byte, but the client didn't like that at
all.
Erik Tkal
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
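
The two encodings discussed in the message above, run through a small parser. This is an added example, not code from the original post or from OpenSSL. The function names, the sample bodies, and the check that a DistinguishedName starts with a DER SEQUENCE tag are assumptions made for illustration.

```python
import struct

MIN_CAS_LEN = 3  # lower bound of certificate_authorities<3..2^16-1> as quoted above


def parse_certificate_request(body: bytes, strict: bool = True):
    """Parse a TLS 1.0 CertificateRequest body (handshake header already removed).

    Returns (certificate_types, [DistinguishedName bytes, ...]).
    strict=True enforces the 3-byte minimum; strict=False accepts an empty list.
    """
    if len(body) < 1:
        raise ValueError("truncated: no certificate_types length")
    n_types = body[0]
    if n_types < 1 or len(body) < 1 + n_types + 2:
        raise ValueError("bad certificate_types vector or missing CAs length")
    cert_types = list(body[1:1 + n_types])
    pos = 1 + n_types
    (cas_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cas_len != len(body) - pos:
        raise ValueError("certificate_authorities length does not match body")
    if strict and cas_len < MIN_CAS_LEN:
        raise ValueError(f"certificate_authorities length {cas_len} < {MIN_CAS_LEN}")
    names = []
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated DistinguishedName length")
        (dn_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if dn_len < 1 or pos + dn_len > len(body):
            raise ValueError("DistinguishedName length out of range")
        names.append(body[pos:pos + dn_len])
        pos += dn_len
    return cert_types, names


def is_der_sequence(dn: bytes) -> bool:
    """Assumption: a DistinguishedName is a DER X.501 Name, i.e. a SEQUENCE (tag 0x30)."""
    return len(dn) >= 2 and dn[0] == 0x30


# Constructed sample bodies; certificate type 1 (rsa_sign) is chosen for the sample.
EMPTY_CAS = bytes([0x01, 0x01, 0x00, 0x00])                      # CAs length 0
WORKAROUND = bytes([0x01, 0x01, 0x00, 0x03, 0x00, 0x01, 0x00])  # length 3, CA1 length 1, null byte
```

The strict parser rejects `EMPTY_CAS` and accepts the framing of `WORKAROUND`, but the single entry it yields fails `is_der_sequence`.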