Am 16.10.15 um 00:43 schrieb Steffan Karger:
> PolarSSL 1.3 determines whether to use a client key/cert based on the
> private key and/or certificate structs being allocated or not. We
> previously would always allocate the structs in
> tls_ctx_{client,server}_new(), which made polarssl clients without a
> client key/cert (can also be mgmt-external-key or pkcs11) fail to connect.
>
> Note that this bug is not present in OpenVPN 2.3, because PolarSSL 1.2
> does not contain the 'pk' abtraction layer and therefore behaves slightly
> different.
>
ACK. The code does exactly what the commit message says.
Arne
