Only accept a client certificate if the server requests

one, as required by SSL/TLS specs.
author: Dr. Stephen Henson <steve@openssl.org> 2003-09-03 23:47:34 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2003-09-03 23:47:34 +0000
commit: 14f3d7c5ccd38875d5f3ee2007baec5a7240adc0 (patch)
tree: b3c5d1ce8e250369178588ef5c8b10ba87bcdd7d /CHANGES
parent: 510dc1ecd00296a17a9b680288290942d82beddf (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0e7f968846..421d41fd72 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2515,6 +2515,11 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
  Changes between 0.9.6j and 0.9.6k  [xx XXX 2003]
 
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
   *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
      extra data after the compression methods not only for TLS 1.0
      but also for SSL 3.0 (as required by the specification).
author	Dr. Stephen Henson <steve@openssl.org>	2003-09-03 23:47:34 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2003-09-03 23:47:34 +0000
commit	14f3d7c5ccd38875d5f3ee2007baec5a7240adc0 (patch)
tree	b3c5d1ce8e250369178588ef5c8b10ba87bcdd7d /CHANGES
parent	510dc1ecd00296a17a9b680288290942d82beddf (diff)