Hi, all!

Can you clear me one question about certificate verification?
My SSL-enabled server, written with OpenSSL-0.9.6, accepting client
(browser) connections with SSL_CTX ctx, previously initialized as:

int VerifyMode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
SSL_VERIFY_CLIENT_ONCE;
int VerifyDepth = 6;
SSL_CTX_set_verify(ctx, VerifyMode, SSL_verify_callback);
SSL_CTX_set_verify_depth(ctx, VerifyDepth);

however server asks for client certificate at _every_ connection -
browser displays corresponding dialog.
What I do wrong? Is SSL_VERIFY_CLIENT_ONCE not sufficient condition to
ask certificate
only once?

-- 
WBR, Oleg Amiton
Epsylon Technologies
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to