For which reasons do you want to accept self-signed certificates?... I do not understand why deactivating client authentication, as Konark suggested, wouldn't be good enough.


Samy Thiyagarajan wrote:


Thanks Konark.

When I initialize my ctx I call the following functions:
# SSL_CTX_set_verify() with option SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
# SSL_CTX_set_client_CA_list(ctx, cafile)

Things are fine when the client requests a connection with a certificate signed by one of the listed CAs (in the cafile).

For some reasons I also wish to accept self-signed certs (the user needs to decide whether to accept or not). So when a client comes up with a self-signed cert, the server reports an 'unknown ca' error. I understand that this is because it is not signed by a trusted CA. All I want to know is what needs to be done on the server side to accept the self-signed cert.

I really appreciate any kind of assistance.

Thanks
Samy




--
Alain Damiral

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
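
The server-side behaviour asked about in this thread (keep CA verification, but let a lone self-signed client certificate through so that the user can decide) can be expressed as an OpenSSL verify callback. This is an added example, not code from the thread: `classify_peer`, `verify_cb`, `require_client_cert` and `peer_trust_after_handshake` are hypothetical names, and the OpenSSL wiring is compiled only with `-DWITH_OPENSSL` (link with `-lssl -lcrypto`).

```c
#include <stdio.h>
#ifdef WITH_OPENSSL
#include <openssl/ssl.h>
#else  /* error numbers as defined in <openssl/x509_vfy.h> */
#define X509_V_OK 0
#define X509_V_ERR_CERT_HAS_EXPIRED 10
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
#endif

enum peer_trust { PEER_REJECT = 0, PEER_CA_TRUSTED = 1, PEER_NEEDS_USER_OK = 2 };

/* Hypothetical policy helper: maps one verify-callback invocation to a decision. */
enum peer_trust classify_peer(int preverify_ok, int err, int depth)
{
    if (preverify_ok)
        return PEER_CA_TRUSTED;      /* chain built to a configured CA */
    if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && depth == 0)
        return PEER_NEEDS_USER_OK;   /* lone self-signed leaf: defer to the user */
    return PEER_REJECT;              /* expired, unknown issuer, bad signature, ... */
}

#ifdef WITH_OPENSSL
/* Returning 1 lets the handshake continue, but the error stays recorded:
 * the certificate is NOT trusted until the application has checked
 * SSL_get_verify_result() and obtained the user's decision. */
static int verify_cb(int preverify_ok, X509_STORE_CTX *store)
{
    return classify_peer(preverify_ok, X509_STORE_CTX_get_error(store),
                         X509_STORE_CTX_get_error_depth(store)) != PEER_REJECT;
}

void require_client_cert(SSL_CTX *ctx)
{
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb);
}

/* Call after SSL_accept(); prompt the user (or compare a stored fingerprint)
 * on PEER_NEEDS_USER_OK and close the connection if they decline. */
enum peer_trust peer_trust_after_handshake(const SSL *ssl)
{
    long r = SSL_get_verify_result(ssl);
    if (r == X509_V_OK) return PEER_CA_TRUSTED;
    return r == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ? PEER_NEEDS_USER_OK : PEER_REJECT;
}
#endif

int main(void) { printf("self-signed leaf -> %d\n", classify_peer(0, 18, 0)); return 0; }
```

Every other verification failure still aborts the handshake, so an expired or otherwise invalid certificate is never offered to the user for acceptance.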
