Re: [whatwg/fetch] Clarification on CORS preflight fetches for TLS client certificates (#869) from David Benjamin on 2019-08-07 (public-webapps-github@w3.org from August 2019)

From: David Benjamin <notifications@github.com>
Date: Wed, 07 Aug 2019 12:45:45 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/869/519242767@github.com>

Re TLS 1.0+ vs SSL 3.0, that's just an encoding quirk. In SSL 3.0, affirmatively sending no certificate was denoted by omitting the Certificate message and sending a no_certificate warning alert. In TLS 1.0+, if the client receives a CertificateRequest, it must send a Certificate message, and sending no certificate is denoted by sending an empty Certificate.

The two options are functionally equivalent. Just the spelling was changed. (Not that matters now as SSL 3.0 is gone.)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/869#issuecomment-519242767

Received on Wednesday, 7 August 2019 19:46:08 UTC