Don't request client certificate in anonymous ciphersuites

except when following the specs is bound to fail.
author: Bodo Möller <bodo@openssl.org> 1999-12-29 17:43:03 +0000
committer: Bodo Möller <bodo@openssl.org> 1999-12-29 17:43:03 +0000
commit: 47134b7864fd5e31dbdbc789d9e073742ad4c3ee (patch)
tree: 8409045f85342aa5e8a6a350dfc3de5fdffc7c84 /CHANGES
parent: 45fd4dbb845a17b0ab18619162b54c7d1352a6b7 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index acf8bcd7ec..4f8cd17a44 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+     ciphersuites has been selected (as required by the SSL 3/TLS 1
+     specifications).  Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+     is set, we interpret this as a request to violate the specification
+     (the worst that can happen is a handshake failure, and 'correct'
+     behaviour would result in a handshake failure anyway).
+     [Bodo Moeller]
+
   *) In SSL_CTX_add_session, take into account that there might be multiple
      SSL_SESSION structures with the same session ID (e.g. when two threads
      concurrently obtain them from an external cache).
author	Bodo Möller <bodo@openssl.org>	1999-12-29 17:43:03 +0000
committer	Bodo Möller <bodo@openssl.org>	1999-12-29 17:43:03 +0000
commit	47134b7864fd5e31dbdbc789d9e073742ad4c3ee (patch)
tree	8409045f85342aa5e8a6a350dfc3de5fdffc7c84 /CHANGES
parent	45fd4dbb845a17b0ab18619162b54c7d1352a6b7 (diff)