diff options
| author | Martin Willi <martin@revosec.ch> | 2013-02-28 12:34:53 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-02-28 16:46:08 +0100 |
| commit | 807f2facd0283ef19eb33deb59d1128e691647f3 (patch) | |
| tree | e916a8a1f855d33b3e6229c557febaf9c4ebdfdd /src/libtls/tls_server.c | |
| parent | 257c80cb5b9fb8225043052f51010abf8c7bdf75 (diff) | |
| download | strongswan-807f2facd0283ef19eb33deb59d1128e691647f3.tar.bz2 strongswan-807f2facd0283ef19eb33deb59d1128e691647f3.tar.xz | |
Request a TLS client certificate even if no peer identity is given
This allows a peer to perform client authentication if it wants, but skip
it if not.
Diffstat (limited to 'src/libtls/tls_server.c')
| -rw-r--r-- | src/libtls/tls_server.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index a85a00c4a..6615a37ed 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -984,11 +984,7 @@ METHOD(tls_handshake_t, build, status_t, } /* otherwise fall through to next state */ case STATE_KEY_EXCHANGE_SENT: - if (this->peer) - { - return send_certificate_request(this, type, writer); - } - /* otherwise fall through to next state */ + return send_certificate_request(this, type, writer); case STATE_CERTREQ_SENT: return send_hello_done(this, type, writer); case STATE_CIPHERSPEC_CHANGED_OUT: |