From 807f2facd0283ef19eb33deb59d1128e691647f3 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 28 Feb 2013 12:34:53 +0100 Subject: Request a TLS client certificate even if no peer identity is given This allows a peer to perform client authentication if it wants, but skip it if not. --- src/libtls/tls_server.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'src/libtls/tls_server.c') diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index a85a00c4a..6615a37ed 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -984,11 +984,7 @@ METHOD(tls_handshake_t, build, status_t, } /* otherwise fall through to next state */ case STATE_KEY_EXCHANGE_SENT: - if (this->peer) - { - return send_certificate_request(this, type, writer); - } - /* otherwise fall through to next state */ + return send_certificate_request(this, type, writer); case STATE_CERTREQ_SENT: return send_hello_done(this, type, writer); case STATE_CIPHERSPEC_CHANGED_OUT: -- cgit v1.2.3