Standards Based Linux Instrumentation / Bugs / #2172 sfcb does not provide list of acceptable CAs to client

#2172 sfcb does not provide list of acceptable CAs to client

Milestone: Security

Status: pending-fixed

Owner: Narasimha Sharoff

Labels: sfcb (1090)

Component:

Priority: 5

Updated: 2011-06-01

Created: 2011-03-30

Creator: Robert Kieninger

Private: No

The SFCB server is not sending a list of CAs when requesting a certificate from the client. The TLSv1.0 protocol expects this list to be filled in.

In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is
not influenced by the contents of CAfile or CApath and must explicitly be set using the SSL_CTX_set_client_CA_list(3) family of functions.

Discussion

Narasimha Sharoff - 2011-05-20

Patch load certificate list

3259627.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Narasimha Sharoff - 2011-06-01

assigned_to: buccella --> nsharoff

status: open --> pending-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Narasimha Sharoff - 2011-06-01

committed to HEAD

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

sfcb does not provide list of acceptable CAs to client

Group

Searches

Help

#2172 sfcb does not provide list of acceptable CAs to client

Discussion