[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: Client verification in a SSL server
From: Robert Sandilands <robert () vps ! co ! za>
Date: 2000-05-31 6:44:58
[Download RAW message or body]
That is not quite the complete story :-) I just struggled to get a
similar thing going. If you look in the archives for mail by me and to
me on this subject you will get a lot more information. Some function
that loads the certificates or their locations like
SSL_CTX_load_verify_locations must also feature... If there is interest
I'll post a modified demos/ssl/cli.cpp and demos/ssl/serv.cpp that
compiles under both Linux and Windoze and where this feature works.
Robert Sandilands
Lutz Jaenicke wrote:
>
> On Tue, May 30, 2000 at 03:38:12PM -0300, Marcos Rogerio wrote:
> > I have tried samples, FAQs and this mailing list for a way to make
> > my server read my client´s certificate, without success.
> Did you really try all samples? See below.
>
> This should go into the FAQ...
> The client will only send the certificate if requested by the server.
> The server must hence be configured with the SSL_VERIFY and corresponding
> SSL_VERIFY_CLIENT_ONCE (maybe SSL_VERIFY_FAIL_IF_NO_PEER_CERT) using
> the SSL_CTX_set_verify(ctx, verify_flags, verify_callback) call.
> See e.g. the openssl s_server source code for the flags "-verify"
> and "-Verify".
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic