Raja,
My 2 cents: since you have not provided any "verify_callback"
function, the best option for the flags in "SSL_CTX_set_verify"
would be "SSL_VERIFY_NONE".
Here is the explanation for SSL_VERIFY_NONE.
Server mode: the server will not send a client certificate request to the
client, so the client will not send a certificate.
Client mode: if not using an anonymous cipher (by default disabled), the
server will send a certificate which will be checked. The result of the
certificate verification process can be checked after the TLS/SSL handshake
using the SSL_get_verify_result(3) function.
The handshake will be continued regardless of the verification result.
However, if you are intending to verify the peer, you can provide
a "verify_callback". You can refer to "s_client.c" or "s_server.c"
in the "apps" directory to understand this better.
Regards,
Prashant.
-----Original Message-----
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 11:21 AM
To: SSL_ORG (E-mail)
Subject: Re: handshake error
On Thu, Aug 23, 2001 at 12:11:48PM -0400, Raja Said wrote:
> I am building an application using SSL.
> I have read the documentation of OpenSSL multiple times
> and I have the following situation:
> when I run a server & client using SSL, but without
>
> SSL_CTX_set_verify(ctx,
> SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,NULL);
> then the handshake seems to pass.
> But including this causes SSL_ERROR_SSL on both sides.
> I don't have any idea how to fix this, can anyone help me figure it
> out?
The handshake will fail, when the verification fails.
You do not use a "verify_callback". You therefore do not get any information
about why the verification fails.
> And when I do SSL_get_current_cipher and print its version and
> name,
> NULL is written, although I did SSL_CTX_set_cipher_list(ctx,"ALL").
>
> Any ideas why this doesn't work?
When the verification failed, no session is negotiated and therefore
there cannot be information about a session, that does not exist :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]