I'm trying to find what's wrong when I use
in a server:
openssl s_client still shows "Acceptable client CA names"
(those which are previously set using
instead of the expected
"No client certificate CA names sent"
which happens if I use
Not sure what's wrong:
- my program
- openssl s_client
- SSL_set_client_CA_list(ssl, NULL)
- something else
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the
setting valid for ssl's SSL_CTX object.
IMHO there should be some indication (flag) that the value from SSL
should be used (to distinguish between the ways NULL is used: "this
is NULL because of the initialization" and "this is explicitly set