linux-qubasis

linux oasis port as a qubes template

git clone https://9o.is/git/linux-qubasis.git

0002-Use-patched-bearssl-flag-to-force-CertificateRequest.patch

(822B)

      1 From ce2e99a74f9216fa5783a6bc943c228788fd469c Mon Sep 17 00:00:00 2001
      2 From: Michael Forney <mforney@mforney.org>
      3 Date: Thu, 13 May 2021 22:17:56 -0700
      4 Subject: [PATCH] Use patched bearssl flag to force CertificateRequest
      5 
      6 ---
      7  tls_server.c | 6 +-----
      8  1 file changed, 1 insertion(+), 5 deletions(-)
      9 
     10 diff --git a/tls_server.c b/tls_server.c
     11 index 2436036..7f578b8 100644
     12 --- a/tls_server.c
     13 +++ b/tls_server.c
     14 @@ -339,11 +339,7 @@ tls_accept_common(struct tls *ctx)
     15  		if (tls_configure_x509(conn_ctx) != 0)
     16  			goto err;
     17  
     18 -		if (ctx->config->ca_len == 0) {
     19 -			tls_set_errorx(ctx, "cannot verify client without trust anchors");
     20 -			goto err;
     21 -		}
     22 -
     23 +		flags |= BR_OPT_REQUEST_CLIENT_CERT;
     24  		br_ssl_server_set_trust_anchor_names_alt(&conn_ctx->conn->u.server,
     25  		    ctx->config->ca, ctx->config->ca_len);
     26  
     27 -- 
     28 2.31.1
     29