
Do not send all the DNs on the server upon establishing a connection.

1 parent 12a948c commit d4326f2103f439d2ab4e5aba63cbc8c129129f21 @gonzalop gonzalop committed Apr 27, 2012
@@ -73,6 +73,15 @@ protected override void ProcessAsTls1()
* attributeValue ANY }
*/
+ /*
+ * From RFC 5246:
+ * If the certificate_authorities list is empty, then the client MAY
+ * send any certificate of the appropriate ClientCertificateType,
+ * unless there is some external arrangement to the contrary.
+ *
+ * Better let the client choose which certificate instead of sending down
+ * a potentially large list of DNs.
+
if (context.ServerSettings.DistinguisedNames.Length > 0)
{
TlsStream list = new TlsStream ();
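Review bot: The new comment quotes RFC 5246 but does not say that `context.ServerSettings.DistinguisedNames` is now ignored on this path, so a deployment that populated it silently stops sending the hint. I would add a line to the comment such as `* NOTE: ServerSettings.DistinguisedNames is intentionally not sent; the list is only a hint, and the client certificate is still validated against the server's trust anchors.` Clients that hold several certificates can no longer use the list to pick one, so if any caller relies on it, an opt-in server setting would be safer than a hard-coded change. The body of ProcessAsTls1 starts and ends outside this hunk.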
@@ -88,8 +97,9 @@ protected override void ProcessAsTls1()
}
else
{
+ */
this.Write ((short)0);
- }
+ //}
}
#endregion
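Review bot: The old branch is disabled by wrapping it in the block comment closed at `*/` and by leaving `//}` behind, which keeps dead code in the middle of the CertificateRequest writer. Deleting the `if`/`else` and keeping only `this.Write ((short)0);` under the RFC 5246 note would read more clearly, and version control keeps the old code. The commented region spans lines between the two hunks that are not shown here, so it is worth confirming none of them contains a `*/` that would close the comment early.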
