Hello, Thank you for the solution.
I have used (at client side, before SSL_connect) SSL_set_verify SSL_VERIFY_PEER mode and I have put NULL instead of verify callback in order to use the default callback. But with SSL_get_error I get SSL_ERROR_SSL. I use a self-signed certificate. Could be this the problem? I have also defined my own verify_callback starting from the example presented in openssl SSL_set_verify documentation. Where is not very clear for me it's how to verify a certificate in order to know that can be trusted? In verify_callback example the certificate is retrieved from server and some depth check is done (in my case depth is 0 because I use a self-signed certificate). What else should contain? A test if the keys go together is also necessary here? Another example of verify_callback will be really helpful. Thanks in advance, Anne tomtang_cn wrote: > > Please call SSL_set_verify with SSL_VERIFY_PEER mode in client > application. > > Best regards, > Tom > > > > > 在2009-04-02,AnneB <lianne...@yahoo.com> 写道: >> >>Hello, >> >>I have a server application that generates certificate and key files and >>loads them. How can I programatically, at client side, verify the server's >>certificate when I make a connection? >> >>Thanks, >>Anne >>-- >>View this message in context: http://www.nabble.com/Verify-certificates-tp22846723p22846723.html >>Sent from the OpenSSL - User mailing list archive at Nabble.com. >> >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>User Support Mailing List openssl-users@openssl.org >>Automated List Manager majord...@openssl.org > > -- View this message in context: http://www.nabble.com/Verify-certificates-tp22846723p22905241.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
