Colin,
On the server side, you need to do a little more work to get the server
to ask (or demand) client authentication.
See the SSL_CTX_set_verify() and SSL_set_verify() commands,
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html#
For example, to force client authentication you would use the OR the flags
SSL_VERIFY_PEER and SSL_VERIFY_FAIL_IF_NO_PEER_CERT
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________
----- Original Message -----
From: "Colin Fox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 11, 2001 4:08 PM
Subject: Server certificates
> Greetings. We're trying to get client/server authentication working via
> certificates.
>
> We've followed the example code (such as it is), and found that the
> client can get the server's cert, but the server thinks that there's no
> client cert. We really need that client cert.
>
> The call in question is:
> SSL_get_peer_certificate(ssl)
>
> I can post a larger code sample if necessary, but my question is: Is
> this the right call for client authentication, or does it only work for
> server authentication?
>
> Thanks.
>
>
> --
> Colin Fox
> I speak for myself.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
