Thanks for the info. There's an issue I've found. As I set the client authentication to be mandatory, now all the other ports that are listening will mandate a client certificate to be able to establish a connection.
To be more detailed, the device is accepting connections on two ports, e.g. 30000 and 40000, like this:
function1()
{
    // doesn't require a client cert, e.g. port 30000
    SSL_accept(listener, &address, NULL, 0);
}

function2()
{
    // client cert is needed, e.g. port 40000
    SSL_accept(listener, &address, NULL, 0, true, true, client_ca_cert, client_ca_cert_len, SSL_FILETYPE_PEM, nullptr);
}
If function2() gets called first after the device boots up, it can make a connection when a valid client cert is provided. But now function1() will request a client cert too at port 30000, even though it never asks for it, so it fails to make a connection. The "certificate request" is now included in the server hello message.