Always send client cert
TLS servers may request a certificate from the client. This request includes a list of 0 or more acceptable issuer DNs. The client may use this list to determine which certificate to send. GnuTLS's default behavior is to not send a client certificate if there is no match. However, we generally always have a specific certificate specified, so we just want to send that regardless.

Originally submitted as PR on GitHub: dlenski/openconnect#164
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
jethrogb authored and dlenski committed Mar 30, 2020
1 parent 8820105 commit c698cca
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion gnutls.c
Expand Up @@ -2185,7 +2185,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
}
}
}
gnutls_init(&vpninfo->https_sess, GNUTLS_CLIENT);
gnutls_init(&vpninfo->https_sess, GNUTLS_CLIENT|GNUTLS_FORCE_CLIENT_CERT);
gnutls_session_set_ptr(vpninfo->https_sess, (void *) vpninfo);
/*
* For versions of GnuTLS older than 3.2.9, we try to avoid long
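Review bot: GNUTLS_FORCE_CLIENT_CERT is passed to gnutls_init() unconditionally on the changed line, while the comment directly below it still caters for GnuTLS older than 3.2.9, so please confirm the flag exists in every GnuTLS release this file is meant to build against and, if it does not, wrap it in a GNUTLS_VERSION_NUMBER check that falls back to plain GNUTLS_CLIENT. A short comment above the call would also help, saying that the configured certificate is sent even when it matches none of the issuer DNs in the server's request, since that is a deliberate departure from the GnuTLS default described in the commit message. Separately, the return value of gnutls_init() is not checked here; that predates this change, but it is worth handling while the line is being touched.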