Hello Carlos,

You need to tell the server to ask for one, for example:

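    /* giRequirePeerCert, sslCtx and verify_callback are defined elsewhere
       in the application. */
    if (giRequirePeerCert) {
        /* Server requests a client certificate and fails the handshake
           if the client does not return one. */
        SSL_CTX_set_verify(*sslCtx,
                           SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                           verify_callback);
    } else {
        /* Server sends no certificate request to the client. */
        SSL_CTX_set_verify(*sslCtx, SSL_VERIFY_NONE, verify_callback);
    }

Cheers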


--
Michael Czapski
Senior Consultant
SeeBeyond Pty. Ltd.
+61 2 9409-5403

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Carlos Serrão
Sent: Wednesday, April 18, 2001 1:28 AM
To: [EMAIL PROTECTED]
Subject: RE: Getting an SSL client to use certificates

Eric,
do you have some working examples on your web page demonstrating
its usage?

I've already taken a look at the source code from a chapter of
your book in a web page and it didn't work very well.

Or is it necessary to buy the book to understand it better?

Best regards,

_____________________________________________________________
Carlos Serrão                          [EMAIL PROTECTED]
                                 http://www.carlos-serrao.com
DCTI - IS/IT Department        IS/IT Research and Development
ADETTI/ISCTE - Av.Forcas Armadas     1600-082 LISBOA Portugal
Tel.: +351217903064/+351217903901         Fax:  +351217935300


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Eric Rescorla
> Sent: Tuesday, April 17, 2001 14:57
> To: [EMAIL PROTECTED]
> Subject: Re: Getting an SSL client to use certificates
>
>
> Carlos Serrão <[EMAIL PROTECTED]> writes:
>
> > I'm debating myself with the same problem for almost a year and
> > couldn't find yet the solution... neither could anyone in this list
> > explain to me how to do it...
> >
> > I'm almost believing that it is an OpenSSL limitation...
> The basic issue here is that the server has to ASK for the
> client's certificate. Just giving it to the client isn't
> enough. This isn't a limitation of OpenSSL, it's just how
> SSL/TLS work.
>
> The SSL_CTX_set_verify() call is used to tell the server
> to ask.
>
> -Ekr
>
> [Eric Rescorla                                   [EMAIL PROTECTED]]
> Author of "SSL and TLS: Designing and Building Secure Systems"
>                   http://www.rtfm.com/
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
