On Thu, Jun 26, 2003 at 08:47:49AM -0500, Fred Crable wrote:
> It looks like a verification failure, whatever that means! Sounds like
> an infinite loop from the man pages. Try fflush() on your stdio to
> catch those printf()'s :)
>
> Quote from: http://www.hmug.org/man/3/SSL_CTX_set_verify.html
>
> The return value of verify_callback controls the strategy
> of the further verification process. If verify_callback
> returns 0, the verification process is immediately stopped
> with "verification failed" state. If SSL_VERIFY_PEER is
> set, a verification failure alert is sent to the peer and
> the TLS/SSL handshake is terminated. If verify_callback
> returns 1, the verification process is continued. If
> verify_callback always returns 1, the TLS/SSL handshake will
> never be terminated because of this application experiencing
> a verification failure. The calling process can however
> retrieve the error code of the last verification
> error using SSL_get_verify_result(3) or by maintaining its
> own error storage managed by verify_callback.

Ouch. What was meant is:

If verify_callback() always returns 1, the TLS/SSL handshake will not
be terminated with respect to verification failures and the connection will
be established.

Will fix this in the manual pages in the next few minutes.

Thanks,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
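
The callback semantics discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: a simplified C model in which every `model_*` and `cb_*` name, the error constants and the sample chains are constructed for illustration. It shows that a callback which always returns 1 lets the handshake complete while the last verification error stays retrievable, so the application has to check that result itself.

```c
/* Simplified model, not OpenSSL code: every model_* name is hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum { MODEL_OK = 0, MODEL_ERR_EXPIRED = 10 };   /* constructed error codes */

struct model_conn {
    int verify_result;  /* stands in for what SSL_get_verify_result() reports */
    int established;    /* 1 once the handshake has completed */
    int checks_run;     /* how many times the callback was invoked */
};

typedef int (*model_verify_cb)(int preverify_ok, int err);

/* Returns 1 whatever happened: the pattern the corrected sentence describes. */
static int cb_always_accept(int preverify_ok, int err) { (void)preverify_ok; (void)err; return 1; }
/* Passes the library's own verdict through, so the first failure stops the handshake. */
static int cb_strict(int preverify_ok, int err) { (void)err; return preverify_ok; }

/* errs[i] is the check result for certificate i; MODEL_OK means it passed. */
static void model_handshake(struct model_conn *c, const int *errs, size_t n,
                            model_verify_cb cb)
{
    c->verify_result = MODEL_OK;
    c->established = 0;
    c->checks_run = 0;
    for (size_t i = 0; i < n; i++) {
        int ok = (errs[i] == MODEL_OK);
        if (!ok)
            c->verify_result = errs[i];   /* last verification error is kept */
        c->checks_run++;
        if (!cb(ok, errs[i]))
            return;                       /* 0: stop, "verification failed" */
    }
    c->established = 1;                   /* callback never vetoed */
}

/* The check the application still owes when its callback always returns 1. */
static int model_app_accepts(const struct model_conn *c)
{
    return c->established && c->verify_result == MODEL_OK;
}

int main(void)
{
    const int chain[] = { MODEL_OK, MODEL_ERR_EXPIRED, MODEL_OK }; /* constructed */
    struct model_conn c;
    model_handshake(&c, chain, 3, cb_always_accept);
    printf("established=%d result=%d accept=%d\n", c.established, c.verify_result, model_app_accepts(&c));
    return 0;
}
```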