I have a client/server application. I'm trying to make the client
connect to the server without verifying the client's certificate, then
for the server to change how it verifies the connection and then to
force renegotiation. I can't get it to work. According to me I'm doing
sort of the same things that happen in s_client.c and s_server.c but I
get nothing of consequence when my own client and server chat, and when
I talk to the openssl client app from my server using the following
command line:

[e:\work\openssl\bin]openssl.exe s_client -connect 10.0.1.3:443 -key z:\certs\robert.key -cert z:\certs\robert.crt -ssl3

I get the following response when I try to force renegotiation:

161:error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac decode:d:\work\openssl\openss~1.5\ssl\s3_pkt.c:383:

The renegotiation code in my server app looks sort of like:

 SSL_renegotiate( ssl );
 result=SSL_do_handshake(ssl);
 if (result<0) return( GEN_NOREAD );
 ssl_write( ssl, "NOP", 1 );

The write is included because it seems to cause the error. But without
it, nothing happens... Any ideas, information, example code that is not
in s_client.c or s_server.c would be appreciated.

Robert Sandilands
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
