Viktor,
Despite being a protocol violation, it is accepted by OpenSSL's server
implementation.
But I do see now that this is indeed covered by RFC 5246. Sorry, I
missed that line in the Client Certificate section.
On Wed, Aug 13, 2014 at 1:48 AM, Salz, Rich wrote:
> > There is no nee
> There is no need for an API for a non-interoperable feature that would
> violate the TLS protocol:
>
> https://tools.ietf.org/html/rfc5246#section-7.4.6
Perhaps more usefully, see
http://datatracker.ietf.org/doc/draft-thomson-tls-care/
This will almost definitely be part of TLS 1.3. Note
[ Redirecting to openssl-users ]
On Wed, Aug 13, 2014 at 01:05:24AM +0400, Fedor Indutny wrote:
> I just discovered that there is no way to force the OpenSSL SSL client to
> send a Certificate record if the server hasn't sent a CertificateRequest.
That would be a TLS protocol violation.
> Would a patch th