Thanks Marek for that reply. It helped me :)

Regards,
Prabhu. S

----- Original Message -----
From: "Marek Marcola" <[EMAIL PROTECTED]>
To: <openssl-users@openssl.org>
Sent: Wednesday, August 09, 2006 3:02 PM
Subject: Re: query on SSL_CTX_set_verify();

> Hello,
> > I have a client application program in which I call the method
> > "SSL_CTX_set_verify" as SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER,
> > NULL). Whenever the incoming server certificate is invalid the
> > application immediately aborts. How do I overcome this? I need to
> > abort gracefully calling "SSL_get_verify_result(ssl)!=X509_V_OK)" and
> > other verification methods.
> Just look at SSL_CTX_set_verify() documentation on callback function
> for example from:
> http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html#
>
>
> The return value of verify_callback controls the strategy of the further
> verification process. If verify_callback returns 0, the verification
> process is immediately stopped with ``verification failed'' state. If
> SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer
> and the TLS/SSL handshake is terminated. If verify_callback returns 1,
> the verification process is continued. If verify_callback always returns
> 1, the TLS/SSL handshake will not be terminated with respect to
> verification failures and the connection will be established. The
> calling process can however retrieve the error code of the last
> verification error using SSL_get_verify_result(3) or by maintaining its
> own error storage managed by verify_callback.
>
>
> Best regards,
> --
> Marek Marcola <[EMAIL PROTECTED]>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                                [EMAIL PROTECTED]