Request a TLS client certificate even if no peer identity is given

This allows a peer to perform client authentication if it wants, but skip
it if not.

diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index a85a00c4a9f44eb2e006cf96fbb0111da8309801..6615a37edaf0ffd2f766d8ce429194f06ba5160b 100644 (file)
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -984,11 +984,7 @@ METHOD(tls_handshake_t, build, status_t,
                        }
                        /* otherwise fall through to next state */
                case STATE_KEY_EXCHANGE_SENT:
-                       if (this->peer)
-                       {
-                               return send_certificate_request(this, type, writer);
-                       }
-                       /* otherwise fall through to next state */
+                       return send_certificate_request(this, type, writer);
                case STATE_CERTREQ_SENT:
                        return send_hello_done(this, type, writer);
                case STATE_CIPHERSPEC_CHANGED_OUT: