Hi!!!
I have the same problem..
but I can't get the peer certificate in any situation, it is always
NULL!
I'm using the SSL_CTX_set_verify() method after I create the call to
SSL_CTX_new(),
is it in the wrong place?? Should I use SSL_set_verify()?
I'm doing this in C++ also, and I'm using threads, so for each session I
create a new SSL.
Is this OK??
If you don't mind, can you send me your ssl_set_verify() method???
Thanks a lot.

"Hegde, Ramdas" wrote:
>
> Thanks Greg
>
> Moving the SSL_CTX_set_verify() above the SSL_new() did the job of fixing
> the problem.
>
> Ramdas
>
> -----Original Message-----
> From: Greg Stark [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 22, 2001 5:51 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Strange behaviour with SSL_CTX_set_verify
>
> You need to do the SSL_CTX_set_verify() *before* you do the SSL_new(). The
> SSL * sort of inherits all of the settings from the parent SSL_CTX *, kind
> of like a fork(). If you need to customize a setting for a particular SSL
> session, you do this to the SSL * object.
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
>
> ----- Original Message -----
> From: "Hegde, Ramdas" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 22, 2001 6:10 PM
> Subject: Strange behaviour with SSL_CTX_set_verify
>
> > After I do the SSL initialization, I do the following in my server code.
> > while(1){
> >     if((s=accept(sock,0,0))<0)
> >         err_exit("Problem accepting");
> >
> >     sbio=BIO_new_socket(s,BIO_NOCLOSE);
> >     ssl=SSL_new(ctx);
> >     SSL_set_bio(ssl,sbio,sbio);
> >
> >     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
> >     if((r=SSL_accept(ssl))<=0)
> >         err_exit("SSL accept error");
> >
> >     peer = SSL_get_peer_certificate(ssl);
> >     if (peer == NULL) {
> >         printf("Null presented by peer \n");
> >     }
> >
> > The first time the client connects and does the SSL handshake, when the
> > server makes a request for a client certificate, it gets a NULL. But on
> > subsequent calls from the client, the server is able to get the client
> > certificate.
> > What could be going wrong the first time this happens?
> > If I make it SSL_set_verify() instead of SSL_CTX_set_verify(), the server
> > gets the peer certificate but the callback function is not called.
> > I am confused as to why this is happening and would appreciate any ideas
> > for solving this problem.
> >
> > Thanks
> >
> > Ramdas
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>