From: Martin Willi Date: Thu, 28 Feb 2013 11:34:53 +0000 (+0100) Subject: Request a TLS client certificate even if no peer identity is given X-Git-Tag: 5.0.3dr3~4^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=807f2facd0283ef19eb33deb59d1128e691647f3;p=thirdparty%2Fstrongswan.git Request a TLS client certificate even if no peer identity is given This allows a peer to perform client authentication if it wants, but skip it if not.
---
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index a85a00c4a9..6615a37eda 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -984,11 +984,7 @@ METHOD(tls_handshake_t, build, status_t,
 }
 /* otherwise fall through to next state */
 case STATE_KEY_EXCHANGE_SENT:
- if (this->peer)
- {
- return send_certificate_request(this, type, writer);
- }
- /* otherwise fall through to next state */
+ return send_certificate_request(this, type, writer);
 case STATE_CERTREQ_SENT:
 return send_hello_done(this, type, writer);
 case STATE_CIPHERSPEC_CHANGED_OUT:
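Review bot: With the `if (this->peer)` guard removed under `case STATE_KEY_EXCHANGE_SENT:`, a CertificateRequest is now sent even when `this->peer` is NULL, so every later step that consumes the client's Certificate and CertificateVerify has to cope with a missing expected identity, and none of that handling is visible in this hunk. Two things are worth confirming outside the hunk: that a certificate presented without a configured peer identity is still chain-validated rather than accepted as-is, and that a configuration which does set `this->peer` still fails the handshake when the client answers with an empty certificate list. I would also record the new contract at the case, e.g. `/* always request a client certificate; the client may answer with an empty list */`, so the unconditional return is not mistaken for a lost fall-through. The body of `build` starts and ends outside the hunk.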