Hi,

We have developed our own web server and recently upgraded to SSL 3.0 using
SSLeay 0.8.1.  We have noticed that when we try to do an HTTP GET using
client certificates we created that our verify_callback routine for checking
the certificates is never called.  

We set the callback this way:

            SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER |
                               SSL_VERIFY_CLIENT_ONCE,
                               ns_verify_callback);

I have been unable to figure out where in the SSLeay code the callback is
called and under what conditions it's called.

Later on we try to get the certificate information but this also fails
because the peer member of the SSL session structure is not set.

void ns_snag_cert_info(SSL *ssl, char *client_host)
{
    SSL_SESSION *sess = ssl->session;

    if ( sess->peer != NULL)
    {

Again I have been unable to determine where in the SSLeay code the peer
member is set and under what conditions.  Your help would be most
appreciated.

Finally we found that our web server was recognizing HTTP GET calls with
client certificates created with an older version of SSLeay that implemented
SSL 2.0.  Unfortunately the client certificates were rejected.  Your help in
understanding this would also be most appreciated.

Thanks in advance,

Frank Kim
NetCentric Corporation
28 Crosby Drive, Bedford, MA 01730
(781)685-5288
[EMAIL PROTECTED]     http://cag-www.lcs.mit.edu/~frankkim


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
