The SFCB server is not sending a list of CAs when requesting a certificate from the client. The TLSv1.0 protocol expects this list to be filled in.
In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is
not influenced by the contents of CAfile or CApath and must explicitly be set using the SSL_CTX_set_client_CA_list(3) family of functions.
Log in to post a comment.