Comment 27 for bug 1865900

Revision history for this message
Vladimir Mencl (vladimir-mencl) wrote :


Just clarifying on the previous comment. From the release notes I've seen in the bionic package, I understand this fix does:
> - debian/patches/tlsv1.3-support-3.patch: fail with 403 if
> SSL_verify_client_post_handshake fails in
> modules/ssl/ssl_engine_kernel.c.

However, when authentication is optional (SSLVerifyClient optional) and no client authentication is provided, it MUST NOT count as a failure and request processing should continue...