Hello, Could someone help me understand what is happening here?
~ Urjit ----- Original Message ----- From: "Urjit Gokhale" <[EMAIL PROTECTED]> To: <openssl-users@openssl.org> Sent: Thursday, January 18, 2007 9:13 PM Subject: Re: My ssl client connects without the knowledge of root CA certificate > No. > The function call sequence in the client goes like: > SSL_load_error_strings() > SSL_library_init() > SSL_CTX_new() > SSL_new() > SSL_set_cipher_list() > SSL_set_fd() > SSL_connect() > and then the client continues with SSL_read() and SSL_write(). > > I still wonder how my client manages to do a successful SSL_connect! > Anyway, thanks for the reply, > > ~ Urjit > > ----- Original Message ----- > From: "Alexis Lefort" <[EMAIL PROTECTED]> > To: <openssl-users@openssl.org> > Sent: Thursday, January 18, 2007 2:43 PM > Subject: Re: My ssl client connects without the knowledge of root CA > certificate > > > Hi, > > Do you use: > > SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER | > SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback); > > If not it is probably the solution ;) > > Alexis > > Urjit Gokhale a écrit : > > Hi, > > > > I have a sample SSLized client server program. > > I am not using SSL_CTX_load_verify_locations() in the client and still > > my client is able to connect to the server. > > I wonder how this could be possible. How would the client be able to > > authenticate the server certificate without the knowledge of the root > > CA certificate that signed the server certificate. > > > > The server certificate, as far as I know, is not self signed. (server > > certificate file is attached). > > > > Could someone explain to how my client connects to the server without > > the knowledge of the root CA? > > Could someone list down the necessary and sufficient conditions, for a > > certificate to be considered as self-signed? > > > > Thank you, > > ~ Urjit > > > > DISCLAIMER ========== This e-mail may contain privileged and > > confidential information which is the property of Persistent Systems > > Pvt. Ltd. It is intended only for the use of the individual or entity > > to which it is addressed. If you are not the intended recipient, you > > are not authorized to read, retain, copy, print, distribute or use > > this message. If you have received this communication in error, please > > notify the sender and delete all copies of this message. Persistent > > Systems Pvt. Ltd. does not accept any liability for virus infected mails. > > > > -- > Alexis Lefort > Ingenieur departement etudes > Tel: +33 (0)2 37 62 88 88 > Fax: +33 (0)2 37 62 88 01 > CXR - Rue de l'Ornette - 28410 ABONDANT > [EMAIL PROTECTED] > http://cxr.anderson-jacobson.com/ > > > Ce message et toutes les pièces jointes sont confidentiels et établis a > l'intention exclusive de ses destinataires. Toute modification, édition, > utilisation ou diffusion non autorisée est interdite. Tout message > électronique est susceptible d'altération. CXR Anderson Jacobson décline > toute responsabilité au titre de ce message s'il a été altéré, déformé, > falsifié, édité ou diffusé sans autorisation. > > This message and any attachments are confidential and intended solely > for the addressees. Any unauthorised alteration, printing, use or > dissemination is prohibited. E-mails are susceptible to alteration. CXR > Anderson Jacobson shall not be liable for the message if altered, > changed, falsified, printed or disseminated without authorisation. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
