Hello,

> Could someone help me understand what is happening here?
>
> ~ Urjit
>
> ----- Original Message -----
> From: "Urjit Gokhale" <[EMAIL PROTECTED]>
> To: <openssl-users@openssl.org>
> Sent: Thursday, January 18, 2007 9:13 PM
> Subject: Re: My ssl client connects without the knowledge of root CA
> certificate
>
> > No.
> > The function call sequence in the client goes like:
> > SSL_load_error_strings()
> > SSL_library_init()
> > SSL_CTX_new()
> > SSL_new()
> > SSL_set_cipher_list()
> > SSL_set_fd()
> > SSL_connect()
> > and then the client continues with SSL_read() and SSL_write().
> >
> > I still wonder how my client manages to do a successful SSL_connect!
> > Anyway, thanks for the reply,

This may depend on the negotiated cipher (anonymous, for example).
But if (for example) you use RSA, then the certificate sent from server
to client (for encryption of pre_master_secret) is not verified
by default. It is just used.
(The server proves it has the right private key by properly decrypting
the pre_master_key.)

> > Do you use:
> >
> > SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER |
> > SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
> > If not it is probably the solution ;)
> >
> > Alexis

For client SSL_CTX_set_verify (sslctx, SSL_VERIFY_PEER, NULL)
should be enough.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>