GnuTLS: Always send client cert

TLS servers may request a certificate from the client. This request
includes a list of 0 or more acceptable issuer DNs. The client may use
this list to determine which certificate to send. GnuTLS's default
behavior is to not send a client certificate if there is no
match. However, OpenSSL's default behavior is to send the configured
certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL
behavior.

Authored-by: jethrogb on github
Fixes #1411
Closes #4958
jethrogb 2020-02-20 20:36:25 +01:00 committed by Daniel Stenberg
parent 7224e70f40
commit 41fcb4f609
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -664,7 +664,7 @@ gtls_connect_step1(struct connectdata *conn,
}
/* Initialize TLS session as a client */
init_flags = GNUTLS_CLIENT;
init_flags = GNUTLS_CLIENT | GNUTLS_FORCE_CLIENT_CERT;
#if defined(GNUTLS_NO_TICKETS)
/* Disable TLS session tickets */
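
Review bot: `GNUTLS_FORCE_CLIENT_CERT` is OR'd into `init_flags` unconditionally in `gtls_connect_step1()`, while the very next flag is wrapped in `#if defined(GNUTLS_NO_TICKETS)`. If the GnuTLS headers in use do not define the new flag, this line fails to compile; consider keeping `init_flags = GNUTLS_CLIENT;` and adding the flag under its own `#if defined(GNUTLS_FORCE_CLIENT_CERT)` guard, in the same style as the tickets flag. Separately, per the commit message this changes behaviour for every GnuTLS build: the configured client certificate is now sent even when the server's acceptable issuer list does not match, so the certificate's identity is disclosed to any server that requests one. That deserves a sentence in the client-certificate documentation so users who relied on the previous GnuTLS default are aware of it.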