Hi, Mr. Lutz,
Thank you for your return.
>
>This should go into the FAQ...
>The client will only send the certificate if requested by the server.
>The server must hence be configured with the SSL_VERIFY and corresponding
>SSL_VERIFY_CLIENT_ONCE (maybe SSL_VERIFY_FAIL_IF_NO_PEER_CERT) using
>the SSL_CTX_set_verify(ctx, verify_flags, verify_callback) call.
>See e.g. the openssl s_server source code for the flags "-verify"
>and "-Verify".
I also tried this. I used SSL_CTX_set_verify() with its required fields
and passed
verify_flag=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
to it. But I have noted that the callback function is never executed.
Is it possible to have the client cert passing NULL as the callback to
the SSL_CTX_set_verify()? Is this SSL_CTX_set_verify() setup the only
requirement for client authentication to work properly?
Thank you in advance,
Marcos Oliveira.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]