Peter Djalaliev wrote:
> Well, let me see if I can explain it better:
> 
> The Apache web server is sending a "certificate request" handshake
> message.  The client receives it, calls the certificate callback
> function (which fails) and then sends an empty certificate, which is
> handled on the server side.
> 
> (I was wrong before when I said that the client sends a "no certificate"
> alert, TLS sends an empty certificate instead of the alert)
> 
> I don't see how the issue is with the remote server not requesting the
> certificate.  IMO, it seems that the problem is with the certificate
> callback function failing every time.  Do you think otherwise?

Yes.  The certificate request message contains a list of the DER-encoded
names of the CAs (cert issuers) that the server trusts to issue client
certs.  If your cert was not issued by any of the CAs named in the request,
then your SSL client is behaving correctly by not sending your cert.

-- 
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
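
The filtering step described in the reply above, as an added example that is not part of the original thread and is not NSS code: it parses the certificate_authorities list out of a CertificateRequest body (TLS 1.0 to 1.2 layout) and checks a client certificate's issuer chain against it. The function names, the CN-only sample names and the byte-for-byte name comparison are assumptions made for illustration.

```python
import struct

def parse_ca_names(body, tls12=True):
    """Return the DER-encoded DistinguishedNames from a CertificateRequest body
    (the handshake message without its 4-byte type/length header)."""
    pos = 1 + body[0]                      # skip certificate_types<1..2^8-1>
    if tls12:                              # TLS 1.2 adds supported_signature_algorithms
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2 + n
    (total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + total
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    names = []
    while pos < end:                       # each name: 2-byte length + DER Name
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if n == 0 or pos + n > end:
            raise ValueError("bad DistinguishedName length")
        names.append(body[pos:pos + n])
        pos += n
    return names

def cert_is_eligible(chain_issuers, ca_names):
    """chain_issuers: DER issuer names of the client cert and of the CA certs
    above it. An empty CA list places no restriction on the issuer.
    Assumption: names are compared byte-for-byte."""
    return not ca_names or any(i in ca_names for i in chain_issuers)

# --- constructed sample data (not captured from a real server) ---
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form DER lengths only

def der_name(cn):
    """DER Name with a single CN attribute (OID 2.5.4.3, PrintableString)."""
    atv = _tlv(0x30, _tlv(0x06, b"\x55\x04\x03") + _tlv(0x13, cn.encode()))
    return _tlv(0x30, _tlv(0x31, atv))

def build_request(ca_names, tls12=True):
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)
    sigalgs = b"\x00\x02\x04\x01" if tls12 else b""  # one pair: sha256/rsa
    return b"\x01\x01" + sigalgs + struct.pack("!H", len(cas)) + cas

SERVER_TRUSTS = [der_name("Example Corp Client CA"), der_name("Example Partner CA")]
REQUEST = build_request(SERVER_TRUSTS)
```

A certificate whose chain contains none of the requested names is filtered out, which on the wire looks the same as the empty certificate message discussed in the thread.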
