On Thu, Mar 16, 2000 at 11:19:16AM +0200, [EMAIL PROTECTED] wrote:
> On Wed, 15 Mar 2000, Wade L. Scholine wrote:
> > From: Wade L. Scholine <[EMAIL PROTECTED]>
> > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> > Subject: RE: demos/ssl/serv.cpp
> I know that the demo's are intended to be minimal SSL programs. There is
> just a part of them that I can not get to work.. The line:
>
> client_cert = SSL_get_certificate( ssl );
>
> in serv.cpp always fails. I want to know how can I make that one line
> work?
Again, Wade already gave you the necessary answer. The client will only
send the certificate to the server, _if_ explicitely asked to do so
during handshake. The default is to not ask for a client certificate.
On the server you must change the behaviour with the
SSL_[CTX_]set_verify() call and the options SSL_VERIFY_PEER etc options.
Please check apps/s_server.c as an example on how the call is used and
grep for s_server_verify to see the setting of the options.
Only then you can later access the client certificate. Or to say it the
other way round, without setting the verify option, this example should
never have shown a client certificate to anybody.
Regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
