Always include the CA list in CertificateRequest.
We must have mistranscribed this to CBB at some point. If the CA list is empty, we must still include that field. Change-Id: I341224d85c9073b09758517cdfa14893793ea0ec Reviewed-on: https://boringssl-review.googlesource.com/8767 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Nick Harper <nharper@chromium.org> Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin
parent
97a0a08293
commit
111533049d
@ -1210,12 +1210,12 @@ static int ssl3_send_certificate_request(SSL *ssl) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
STACK_OF(X509_NAME) *sk = SSL_get_client_CA_list(ssl);
|
|
||||||
if (sk != NULL) {
|
|
||||||
if (!CBB_add_u16_length_prefixed(&body, &names_cbb)) {
|
if (!CBB_add_u16_length_prefixed(&body, &names_cbb)) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
STACK_OF(X509_NAME) *sk = SSL_get_client_CA_list(ssl);
|
||||||
|
if (sk != NULL) {
|
||||||
size_t i;
|
size_t i;
|
||||||
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
|
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
|
||||||
X509_NAME *name = sk_X509_NAME_value(sk, i);
|
X509_NAME *name = sk_X509_NAME_value(sk, i);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user