Prevent KSSL server from requesting a client certificate.
[openssl.git] / ssl / s3_srvr.c
index bcf8c875cc7cd71a85faba2ecd9aa041d4a013de..20b8cc9ac5a3f48b3aa47ec10edeb0bba1fb4cdc 100644 (file)
@@ -311,7 +311,9 @@ int ssl3_accept(SSL *s)
                                ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
                                 /* ... except when the application insists on verification
                                  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
-                                !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
+                                !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+                                 /* never request cert in Kerberos ciphersuites */
+                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
                                {
                                /* no cert request */
                                skip=1;
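Review bot: The added `SSL_aKRB5` term skips the certificate request unconditionally, whereas the `SSL_aNULL` term just above it makes an exception when the application set `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`. As far as this hunk shows, a server configured to require a client certificate will therefore not ask for one when a Kerberos suite is negotiated, and the flag is not honoured on this path. If that is intended because the client is authenticated by its Kerberos ticket, the comment should say so, e.g. `/* Kerberos suites authenticate the client by ticket: never request a cert, even if SSL_VERIFY_FAIL_IF_NO_PEER_CERT is set */`. Callers that base authorization on the peer certificate would then have to handle its absence on these suites, and whether anything later in `ssl3_accept` enforces that is not visible here. The `if` condition starts above the hunk and its body continues past the last line shown.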