Re: SSL_set_client_CA_list(ssl, NULL) problem?


 



Seems it is impossible to override the list with NULL for SSL, as
the code will then use the list from CTX (if my limited understanding
of the code is correct):

STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{
...
        if (s->client_CA != NULL)
            return (s->client_CA);
        else
            return (s->ctx->client_CA);

Is this intentional? The man page says:

SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the
setting valid for ssl's SSL_CTX object.


IMHO there should be some indication (flag) that the value from SSL
should be used (to distinguish between the ways NULL is used: "this
is NULL because of the initialization" and "this is explicitly set
to NULL").
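
The following is an added example, not part of the original message and not OpenSSL code: a self-contained C model of the getter logic quoted above, next to a variant with the proposed "explicitly set" flag. All struct, field and function names (model_ssl, client_CA_set, get_with_flag, ...) and the CA names are hypothetical and constructed; the model also shows that, under the quoted logic, a non-NULL empty list is returned as-is.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins: only the fields the quoted getter touches. */
typedef struct { size_t num; const char **names; } ca_list; /* models STACK_OF(X509_NAME) */
typedef struct { const ca_list *client_CA; } model_ctx;
typedef struct {
    const model_ctx *ctx;
    const ca_list *client_CA;
    int client_CA_set;      /* proposed flag: 1 once the setter has been called */
} model_ssl;

/* Constructed sample data: the CTX-wide list and an explicit empty list. */
static const char *ctx_names[] = { "CN=Constructed CA 1", "CN=Constructed CA 2" };
static const ca_list ctx_list = { 2, ctx_names };
static const ca_list empty_list = { 0, NULL };

static void model_set_client_CA_list(model_ssl *s, const ca_list *list)
{
    s->client_CA = list;
    s->client_CA_set = 1;   /* remembers that NULL was chosen on purpose */
}

/* Logic quoted in the message: NULL on the SSL means "use the CTX list". */
static const ca_list *get_current(const model_ssl *s)
{
    return s->client_CA != NULL ? s->client_CA : s->ctx->client_CA;
}

/* Proposed logic: once set, the per-SSL value wins even when it is NULL. */
static const ca_list *get_with_flag(const model_ssl *s)
{
    return s->client_CA_set ? s->client_CA : s->ctx->client_CA;
}

enum { NEVER_SET, SET_NULL, SET_EMPTY };

/* Returns how many CA names the getter would hand back for one scenario. */
static size_t scenario(int how, int use_flag)
{
    model_ctx ctx = { &ctx_list };
    model_ssl s = { &ctx, NULL, 0 };
    if (how == SET_NULL)  model_set_client_CA_list(&s, NULL);
    if (how == SET_EMPTY) model_set_client_CA_list(&s, &empty_list);
    const ca_list *l = use_flag ? get_with_flag(&s) : get_current(&s);
    return l ? l->num : 0;
}

int main(void)
{
    printf("set NULL, quoted logic: %zu names\n", scenario(SET_NULL, 0));
    printf("set NULL, with flag:    %zu names\n", scenario(SET_NULL, 1));
    return 0;
}
```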


