Bug #27156: Do not send CA list on client authentication - Rudder - Issue Tracker

Bug #27156

When a client tries to authenticate via TLS in the http connection, the server sends it a list of accepted CA, which can be pretty long since we don't have a proper PKI yet 

 Since we don't have a PKI, we store all agent certificates as CA, which makes a very long list. 
 When this list is sent, it can overflow the TLS connection a and make it fail with a tlsv1 alert internal error. 

 The solution is to use SSLCADNRequestFile to send a shorter list.

Back

Project

General

Profile

Rudder

Bug #27156