Hi,
Do you use:
SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
If not it is probably the solution ;)
Alexis
Urjit Gokhale a écrit :
Hi,
I have a sample SSLized client server program.
I am not using SSL_CTX_load_verify_locations() in the client and still
my client is able to connect to the server.
I wonder how this could be possible. How would the client be able to
authenticate the server certificate without the knowledge of the root
CA certificate that signed the server certificate.
The server certificate, as far as I know, is not self signed. (server
certificate file is attached).
Could someone explain to how my client connects to the server without
the knowledge of the root CA?
Could someone list down the necessary and sufficient conditions, for a
certificate to be considered as self-signed?
Thank you,
~ Urjit
DISCLAIMER ========== This e-mail may contain privileged and
confidential information which is the property of Persistent Systems
Pvt. Ltd. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you
are not authorized to read, retain, copy, print, distribute or use
this message. If you have received this communication in error, please
notify the sender and delete all copies of this message. Persistent
Systems Pvt. Ltd. does not accept any liability for virus infected mails.
--
Alexis Lefort
Ingenieur departement etudes
Tel: +33 (0)2 37 62 88 88
Fax: +33 (0)2 37 62 88 01
CXR - Rue de l'Ornette - 28410 ABONDANT
[EMAIL PROTECTED]
http://cxr.anderson-jacobson.com/
Ce message et toutes les pièces jointes sont confidentiels et établis a
l'intention exclusive de ses destinataires. Toute modification, édition,
utilisation ou diffusion non autorisée est interdite. Tout message
électronique est susceptible d'altération. CXR Anderson Jacobson décline
toute responsabilité au titre de ce message s'il a été altéré, déformé,
falsifié, édité ou diffusé sans autorisation.
This message and any attachments are confidential and intended solely
for the addressees. Any unauthorised alteration, printing, use or
dissemination is prohibited. E-mails are susceptible to alteration. CXR
Anderson Jacobson shall not be liable for the message if altered,
changed, falsified, printed or disseminated without authorisation.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
