From: [EMAIL PROTECTED] On Behalf Of vinni rathore
Sent: Tuesday, 25 November, 2008 04:58
To: [email protected]
Subject: Re: Client verify failing - continued
Yes, it's true that the server does not request a certificate automatically; everything is done by using APIs, so nothing to say on it.
Here the problem is not with the server but on the client side, as the server is not able to get the client certificate.
If you do want the client to authenticate (send a cert) either:
- preset (before connecting) its cert and corresponding privatekey with SSL_[CTX_]use_{certificate,PrivateKey}* (after setting password callback routine and/or data if needed, i.e. if the privatekey is encrypted and you don't want the user to just be prompted to enter it in the default fashion)
- set a client_cert_cb callback which is invoked during connection to (select and) provide the cert & privatekey
Either way make sure the client's cert is issued (signed) by a CA the server trusts.
If you don't want the client to authenticate, change the server to not demand it.
On Tue, Nov 25, 2008 at 3:21 PM, Michael Simms <[EMAIL PROTECTED]> wrote:
> I am new to openssl and now I face the problem
> "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate error". While
> searching in Google I have found you too had the same problem and also you were able to rectify the
> problem. Can you please help me to solve this problem?
The server doesn't automatically request a certificate from the client.
Use something like
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
SSL_CTX_set_verify_depth(ctx,10);