That is not quite the complete story :-) I just struggled to get a
similar thing going. If you look in the archives for mail by me and to
me on this subject you will get a lot more information. Some function
that loads the certificates or their locations like
SSL_CTX_load_verify_locations must also feature... If there is interest
I'll post a modified demos/ssl/cli.cpp and demos/ssl/serv.cpp that
compiles under both Linux and Windoze and where this feature works.
Robert Sandilands
Lutz Jaenicke wrote:
>
> On Tue, May 30, 2000 at 03:38:12PM -0300, Marcos Rogerio wrote:
> > I have tried samples, FAQs and this mailing list for a way to make
> > my server read my client´s certificate, without success.
> Did you really try all samples? See below.
>
> This should go into the FAQ...
> The client will only send the certificate if requested by the server.
> The server must hence be configured with the SSL_VERIFY and corresponding
> SSL_VERIFY_CLIENT_ONCE (maybe SSL_VERIFY_FAIL_IF_NO_PEER_CERT) using
> the SSL_CTX_set_verify(ctx, verify_flags, verify_callback) call.
> See e.g. the openssl s_server source code for the flags "-verify"
> and "-Verify".
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
