Are you doing things in this order:
SSL_CTX_set_verify
...
SSL_accept
...
SSL_get_peer_certificate
...
--- Eduardo Muñoz <[EMAIL PROTECTED]> wrote:
> Can anyone tell me hoy to authenticate a client? I
> have tried the following code on my server, but it
> keeps sending me the "Client does not have
> certificate" message.
>
> SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER |
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
>
> client_cert = SSL_get_peer_certificate (ssl);
> if (client_cert != NULL) {
> printf ("Client certificate:\n");
>
> str = X509_NAME_oneline (X509_get_subject_name
> (client_cert), 0, 0);
> CHK_NULL(str);
> printf ("\t subject: %s\n", str);
> free (str);
>
> str = X509_NAME_oneline (X509_get_issuer_name
> (client_cert), 0, 0);
> CHK_NULL(str);
> printf ("\t issuer: %s\n", str);
> free (str);
>
> /* We could do all sorts of certificate
> verification stuff here before
> deallocating the certificate. */
>
> X509_free (client_cert);
> } else {
> printf ("Client does not have certificate.\n");
> printf ("Connection terminated\n");
> close(sd);
>
> thanks
>
> Ed Muñoz
>
>
> =====
>
>
> _________________________________________________________
> Do You Yahoo!?
> Información de Estados Unidos y América Latina, en Yahoo! Noticias.
> Visítanos en http://noticias.espanol.yahoo.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
