Support for SSL "no certificates" error.
Imported from http://bugzilla.roxen.com/bugzilla/show_bug.cgi?id=2480
Reported by @grubba
From: "Bill.Welliver@fairchildsemi.com" <Bill.Welliver@fairchildsemi.com>
To: "pike@roxen.com" <pike@roxen.com>
Date: Thu, 1 Nov 2001 13:36:20 -0500
Subject: Patches
I've been working on a project using PiGTK and the LDAP client in Pike, and along the way I made some fixes and additions. I'd like to contribute these to the pike source, if they're suitable. There are 3 patches in this message.
Item 1: without this patch, a server that requests a certificate of a client is sent a fatal handshake error. According to the SSL3 spec, we can just return a "no certificates" message, and let the server deal with that (usually the request is made to do authentication against the cert).
--- lib/modules/SSL.pmod/handshake.pike.orig Wed Oct 24 15:15:30 2001 +++ lib/modules/SSL.pmod/handshake.pike Wed Oct 24 15:06:22 2001
@@ -1038,10 +1039,13 @@
array(int) cert_types = input->get_var_uint_array(1, 1);
// int num_distinguished_names = input->get_uint(2);
// array(string) distinguished_names =
- send_packet(Alert(ALERT_fatal, ALERT_unexpected_message, version[1],
- "SSL.session->handle_handshake: unexpected
message\n",
+// send_packet(Alert(ALERT_fatal, ALERT_unexpected_message,
version[1],
+// "SSL.session->handle_handshake: unexpected message\n",
+// backtrace()));
+ send_packet(Alert(ALERT_warning, ALERT_no_certificate, version[1],
+ "", backtrace()));
- return -1;
+// return -1;
}
break;
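Review bot: The new `send_packet(Alert(ALERT_warning, ALERT_no_certificate, version[1], ...))` call is made unconditionally, while the description justifies it only by the SSL3 spec. If this code path can also run with a later protocol version in `version[1]`, it needs a version check, because TLS 1.0 expects an empty Certificate message here rather than a no_certificate alert. With `return -1;` disabled, the handler now falls through to `break;` and the handshake continues, so it is worth confirming that the later client steps do not assume a certificate was sent. The old alert and the `return -1;` are kept as `+//` commented-out lines; please delete them instead, since the revision history already records them. Passing `""` and `backtrace()` to a warning alert that reports a normal condition also looks unintended; a short description string would make the alert easier to identify in logs.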