'Re: Client verification in a SSL server'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: Client verification in a SSL server
From:       Robert Sandilands <robert () vps ! co ! za>
Date:       2000-05-31 6:44:58
[Download RAW message or body]

That is not quite the complete story :-) I just struggled to get a
similar thing going. If you look in the archives for mail by me and to
me on this subject you will get a lot more information. Some function
that loads the certificates or their locations like
SSL_CTX_load_verify_locations must also feature... If there is interest
I'll post a modified demos/ssl/cli.cpp and demos/ssl/serv.cpp that
compiles under both Linux and Windoze and where this feature works.

Robert Sandilands

Lutz Jaenicke wrote:
> 
> On Tue, May 30, 2000 at 03:38:12PM -0300, Marcos Rogerio wrote:
> > I have tried samples, FAQs and this mailing list for a way to make
> > my server read my client´s certificate, without success.
> Did you really try all samples? See below.
> 
> This should go into the FAQ...
> The client will only send the certificate if requested by the server.
> The server must hence be configured with the SSL_VERIFY and corresponding
> SSL_VERIFY_CLIENT_ONCE (maybe SSL_VERIFY_FAIL_IF_NO_PEER_CERT) using
> the  SSL_CTX_set_verify(ctx, verify_flags, verify_callback) call.
> See e.g. the openssl s_server source code for the flags "-verify"
> and "-Verify".
> 
> Best regards,
>         Lutz
> --
> Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
> BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majordomo@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic