when does a server need to use SSL_CTX_set_client_CA_list()?

From: Rick Macklem <rmacklem_at_uoguelph.ca>
Date: Sat, 14 Mar 2020 01:28:22 +0000
Hi,

Since it is done in sample code, I have an option in the RPC-over-TLS
server daemon that does the SSL_CTX_set_client_CA_list() call.
When I test, I have not used this option and the code seems to work.
Maybe this is because the client only has a single certificate?

Here's the lame description I have in the man page for the option:
.It Fl C Ar client_cafile
If this option is specified, the server calls
.Dq SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(``client_cafile''))
during TLS context configuration.
I do not know when this is needed, but it appears to be required for
certain TLS configurations.

Does someone know when this call is needed?
Can you explain it? (Just about anything is better than the above;-)

Thanks, rick

Received on Sat Mar 14 2020 - 00:28:24 UTC
