Opened 7 years ago

Last modified 7 years ago

#6490 enhancement new

Add support for supplying accepted CAs for client certificates to CertificateOptions

Reported by: Hynek Schlawack
Owned by:
Priority: normal
Milestone:
Component: core
Keywords:
Cc: Hynek Schlawack
Branch:
Author:

Description

This is the original issue of #2061 which then morphed into chain certificates:

When using client certificates, it should be possible to send a list of accepted CAs to the client; quoting from the OpenSSL documentation (openssl-0.9.8c/CHANGES.SSLeay):

If you want to use client certificates then you have to add in a bit of extra stuff in that a SSLv3 server sends a list of those CAs that it will accept certificates from ... so you have to provide a list to SSLeay otherwise certain browsers will not send client certs.

pyOpenSSL added support for SSL_CTX_set_client_CA_list() in 0.10 as set_client_ca_list: http://pythonhosted.org/pyOpenSSL/openssl-context.html
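The behaviour requested above, shown directly against pyOpenSSL as an added example (not part of the ticket and not Twisted's code): a server context advertises its accepted client-certificate issuers with set_client_ca_list, and an in-memory handshake confirms what the client receives. The helper names and the throwaway self-signed certificates are constructed for the illustration.

```python
from OpenSSL import SSL, crypto


def self_signed(common_name):
    """Return (key, cert) for a throwaway self-signed certificate (constructed)."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = common_name
    cert.set_issuer(cert.get_subject())
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return key, cert


def pump(src, dst):
    """Move pending TLS records from src's memory BIO to dst; False if none."""
    try:
        dst.bio_write(src.bio_read(65536))
        return True
    except SSL.WantReadError:
        return False


def advertised_client_cas(ca_certs):
    """Handshake in memory; return the CA common names the client was sent."""
    key, cert = self_signed("server.example")
    server_ctx = SSL.Context(SSL.TLS_METHOD)
    server_ctx.use_privatekey(key)
    server_ctx.use_certificate(cert)
    # Request (but do not require) a client certificate.
    server_ctx.set_verify(SSL.VERIFY_PEER, lambda conn, crt, err, depth, ok: ok)
    # Advertise the accepted issuers: wraps SSL_CTX_set_client_CA_list().
    server_ctx.set_client_ca_list([ca.get_subject() for ca in ca_certs])

    server = SSL.Connection(server_ctx, None)
    server.set_accept_state()
    client = SSL.Connection(SSL.Context(SSL.TLS_METHOD), None)
    client.set_connect_state()
    for _ in range(10):  # a full handshake needs only a few round trips
        for conn in (client, server):
            try:
                conn.do_handshake()
            except SSL.WantReadError:
                pass  # waiting for the peer's next flight
        if not (pump(client, server) | pump(server, client)):
            break
    return [name.CN for name in client.get_client_ca_list()]
```

The list is only a hint that tells the client which certificate to pick; it does not influence verification, so the CAs the server actually trusts still have to be loaded into the context's verify store separately.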

Change History (1)

comment:1 Changed 7 years ago by Hynek Schlawack

Cc: Hynek Schlawack added
Summary changed from "Add support for client CA lists" to "Add support for supplying accepted CAs for client certificates to CertificateOptions"