I'm curious: the SSL server code (s3_srvr.c, line 1677) sets an error of "no certificate returned" when the client's certificate fails verification. Why use this (rather misleading) error message? The equivalent client code (s3_clnt.c, line 764) uses the more intuitive error of "certificate verify failed". Thanks in advance Ollie King Data Connection Ltd ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]