regarding certificate request message

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

regarding certificate request message

jimmy-6
Hi,

As per the standards for tls1.0, ssl3.0 if the

'DistinguishedName certificate_authorities<3..2^16-1>' field must be
atleast 3 bytes. But tls1.1 says it can be 0 length if not present.
openssl does things the tls1.1 way if there are no distinguished names,
i.e., sends 0 length even for ssl3/tls1.0

Is this some improvement or am I missing something (like ssl3/tls1 must
have DNs..)?

Will this behaviour lead to interoperability issues? Can someone clarify?


Thanks,
-jb
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]