Thanks for the clarification. I read that and said to myself, "well how the h*%l is that supposed to work, LOL."
Regards, Fred Crable -----Original Message----- From: Lutz Jaenicke [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:00 AM To: [EMAIL PROTECTED] Subject: Re: Problem with X509_set_verify() On Thu, Jun 26, 2003 at 08:47:49AM -0500, Fred Crable wrote: > It looks like a verification failure, whatever that means! Sounds like > an infinite loop from the man pages. Try fflush() on your stdio to > catch those printf()'s :) > > Quote from: http://www.hmug.org/man/3/SSL_CTX_set_verify.html > > The return value of verify_callback controls the strategy > of the further verification process. If verify_callback > returns 0, the verification process is immediately stopped > with "verification failed" state. If SSL_VERIFY_PEER is > set, a verification failure alert is sent to the peer and > the TLS/SSL handshake is terminated. If verify_callback > returns 1, the verification process is continued. If ver- > ify_callback always returns 1, the TLS/SSL handshake will > never be terminated because of this application experienc- > ing a verification failure. The calling process can how- > ever retrieve the error code of the last verification > error using SSL_get_verify_result(3) or by maintaining its > own error storage managed by verify_callback. Oouch. What was meant is: If verify_callback() always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. Will fix this in the manual pages in the next minutes. Thanks, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
