Steve:
First,thanks a lot, i need your help.
I have written a ssl proxy to improve security, and now i have
some problem:
1.I can only get site certification from IIS (apache build in modssl is ok)
using X509_STORE_CTX_get_chain() in my verify_call
which is a callback function used in SSL_CTX_set_verify, i think this is iis's
characteristic, really?
2. when he used my ssl proxy as his browser's ssl proxy,
I want to display a popup listbox to let user select personal certificate
when www site require personal certificate just like IE and Netscape,
so i must have already got site's certify chain, i can't get it by using
X509_STORE_CTX_get_chain()
in my verify_call, it only return site certificate ,when site www server is iis,
i can get root ca which signed this site
certificate, but no site's certify chain which can let me choose
my personal certificate.
Thanks a lot.
jasson
网易动画站带你走进神奇快乐的动画世界,
有电影、有游戏、还有MTV!千万别错过了!
http://cartoon.163.com
我们正在进行FLASH游戏的征稿活动,静待高手的来临!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
