Hello,

> I have basic question for Client-Server using SSL. Both Client/Server
> have to use SSL_CTX_load_verify_locations to load "Trust Root".

Yes.

> But Client will load its own private/public key, does not need to load
> "server" cert at all.

Yes, client loads its private key (which has public part too) and client certificate. When server needs to authenticate client then server sends to client "CertificateRequest" handshake message and client sends its own certificate in "Certificate" handshake message.

> Server will load its own private/public key, does not need to load
> "client" cert at all.

Yes, server loads its private key (which has public part too) and server certificate. Depending on negotiated cipher parameters this certificate is used for key exchange or server authentication, but in any case it is sent to client in "Certificate" handshake message.

> The "peer" cert will exchange at "Handshake" time. IS this true??

Yes.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]