GnuTLS: Always send client cert

TLS servers may request a certificate from the client. This request includes a list of 0 or more acceptable issuer DNs. The client may use this list to determine which certificate to send. GnuTLS's default behavior is to not send a client certificate if there is no match. However, OpenSSL's default behavior is to send the configured certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL behavior. Fixes curl#1411
jethrogb · Feb 20, 2020 · 844f050 · 844f050
1 parent 150f45e
commit 844f050
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
@@ -664,7 +664,7 @@ gtls_connect_step1(struct connectdata *conn,
   }
 
   /* Initialize TLS session as a client */
-  init_flags = GNUTLS_CLIENT;
+  init_flags = GNUTLS_CLIENT | GNUTLS_FORCE_CLIENT_CERT;
 
 #if defined(GNUTLS_NO_TICKETS)
   /* Disable TLS session tickets */