On Sun, Jan 22, 2023 at 03:41:06PM -0500, Viktor Dukhovni wrote:
> Thanks to Todd Short, RFC7250 raw public keys should be available in
> OpenSSL ~3.2. Applications that use unauthenticated opportunistic TLS,
> employ DANE or have other ways to avoid X.509 certificates and make do
> with raw peer
My interpretation of RFC5246, 7.4.6 Client Certificate
https://www.rfc-editor.org/rfc/rfc5246.html#section-7.4.6
"If no suitable certificate is available, the client MUST send a
certificate message containing no certificates. That is, the
certificate_list structure has a length of zero."
covers
On Sat, Feb 04, 2023 at 07:25:31PM +0100, Achim Kraus wrote:
> My interpretation of RFC5246, 7.4.6 Client Certificate
>
> https://www.rfc-editor.org/rfc/rfc5246.html#section-7.4.6
>
> "If no suitable certificate is available, the client MUST send a
> certificate message containing no certificate
Pull requests
-
* tlswg/tls13-spec (+1/-0/💬2)
1 pull requests submitted:
- FIPS.186-5 has been published by NIST (by emanjon)
https://github.com/tlswg/tls13-spec/pull/1293
1 pull requests received 2 new comments:
- #1292 same certificate as both server and client cert (2
