verify_client

Determines whether a TLS client's certificate will be verified. The default is no.

verify_client | vfy_clt = {yes | y | 1} | {no | n | 0}

Use

Use only if verify_server has also been set.

verify_client must be set to the same (or equivalent) value in the assignment files of both the TLS client and TLS server.

Description

Servers can only verify clients after the client has done server verification.

To enable client verification, set verify_client=yes in both the TLS client and the TLS server assignment files.

To disable client verification, omit the option completely, or set verify_client=no in both the TLS client and the TLS server assignment files.

Defining Connection Profile for Client Verification

The following assignment settings show the matching connection profile definitions in the TLS client and TLS server assignment files:

;client.asn
[NET_SETTINGS]
CheckClient=verify_client=yes, client_certificate=clcert.crt, %\
            client_key=clkey.key, client_key_password=pas5Word

;urouter.asn
[NET_SETTINGS]
CheckClient=verify_client=yes, verify_client_name=dns:*.mycompany.com, ca_certificate=clcert.crt

Default Connection Profile for Client Verification

The client certificate and key are not specified, so it is assumed they are in personal.crt and personal.key in the current working directory.

;client.asn
[DRIVER_SETTINGS]
USYS$TLS_PARAMS=verify_client=yes

In the matching TLS server assignment file, the CA certificate is not specified, so it is assumed to be in usys:ca-bundle.crt:

;urouter.asn
[DRIVER_SETTINGS]
USYS$TLS_PARAMS=verify_client=yes
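
Because verify_client must carry the same (or equivalent) value on both sides, a pre-deployment check can compare the two assignment files. The following Python sketch is an added example, not part of the product or its documentation; the function names, the sample file contents, and the parsing rules (comma-separated options, case-insensitive values) are assumptions.

```python
import re

TRUE, FALSE = {"yes", "y", "1"}, {"no", "n", "0"}  # equivalent spellings from the syntax line

# Constructed sample files, modelled on the profiles above.
CLIENT = r""";client.asn
[NET_SETTINGS]
CheckClient=verify_client=yes, client_certificate=clcert.crt, %\
            client_key=clkey.key
"""
SERVER_OK = r""";urouter.asn
[NET_SETTINGS]
CheckClient=vfy_clt=1, ca_certificate=clcert.crt
"""
SERVER_BAD = SERVER_OK.replace("vfy_clt=1, ", "")  # option omitted, so default no

def tls_options(asn_text):
    """Map each setting name (profile or USYS$TLS_PARAMS) to its option dict."""
    text = re.sub(r"%\\[ \t]*\n[ \t]*", "", asn_text)  # join '%\' continuations
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        opts = {}
        for item in value.split(","):
            key, _, val = item.strip().partition("=")
            opts[key.strip().lower()] = val.strip()
        settings[name.strip()] = opts
    return settings

def verify_client(opts):
    """Normalise verify_client / vfy_clt to a bool; omitted means the default, no."""
    for name in ("verify_client", "vfy_clt"):
        if name in opts:
            val = opts[name].lower()  # case-insensitive matching is an assumption
            if val in TRUE:
                return True
            if val in FALSE:
                return False
            raise ValueError(f"unrecognised {name} value: {opts[name]!r}")
    return False

def mismatches(client_asn, server_asn):
    """Settings present in both files whose verify_client values are not equivalent."""
    client, server = tls_options(client_asn), tls_options(server_asn)
    return sorted(n for n in client.keys() & server.keys()
                  if verify_client(client[n]) != verify_client(server[n]))
```

Here mismatches(CLIENT, SERVER_OK) returns an empty list because yes and 1 are equivalent, while mismatches(CLIENT, SERVER_BAD) reports CheckClient because the server side falls back to the default.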
