diff options
author | Bodo Möller <bodo@openssl.org> | 1999-12-29 17:43:03 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 1999-12-29 17:43:03 +0000 |
commit | 47134b7864fd5e31dbdbc789d9e073742ad4c3ee (patch) | |
tree | 8409045f85342aa5e8a6a350dfc3de5fdffc7c84 /CHANGES | |
parent | 45fd4dbb845a17b0ab18619162b54c7d1352a6b7 (diff) |
Don't request client certificate in anonymous ciphersuites
except when following the specs is bound to fail.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -4,6 +4,14 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) SSL 3/TLS 1 servers now don't request certificates when an anonymous + ciphersuites has been selected (as required by the SSL 3/TLS 1 + specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT + is set, we interpret this as a request to violate the specification + (the worst that can happen is a handshake failure, and 'correct' + behaviour would result in a handshake failure anyway). + [Bodo Moeller] + *) In SSL_CTX_add_session, take into account that there might be multiple SSL_SESSION structures with the same session ID (e.g. when two threads concurrently obtain them from an external cache). |