Hi,

Since it is done in sample code, I have an option in the RPC-over-TLS server daemon that does the SSL_CTX_set_client_CA_list() call.

When I test, I have not used this option and the code seems to work. Maybe this is because the client only has a single certificate?

Here's the lame description I have in the man page for the option:

.It Fl C Ar client_cafile
If this option is specified, the server calls
.Dq SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(``client_cafile''))
during TLS context configuration.
I do not know when this is needed, but it appears to be required for
certain TLS configurations.

Does someone know when this call is needed? Can you explain it? (Just about anything is better than the above;-)

Thanks, rick

Received on Sat Mar 14 2020 - 00:28:24 UTC