Hi there,
I'm wondering what is the usual criteria for doing client verification? I've got everything coded to ask the client for a cert, and I get the cert by calling SSL_get_peer_certificate(). But I don't know what to check for to verify the client's identity. Is there some standard field(s) that are always present in a client certificate that should be checked for?
Any sample code to read these fields out of an X509* would also be greatly appreciated.
Thanks,
Ed
