Dear group,

I require OpenSSL sockets and streams for my master's thesis. I wrote an OpenSSL server and client in C++ using the OpenSSL library. Currently I am trying to get the verification of certificates working, but am facing some problems.

Everything works fine when I set set_verify to SSL_VERIFY_NONE

    SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL)

and make the server certificate known to the client. Then on the client, I can call:

    SSL_get_peer_certificate(ssl)

and it will return me the server's certificate, which I can then verify by calling

    SSL_get_verify_result(ssl)

Right. But now I also have a scenario where the client certificate is known to the server, so I can do a peer verification on both sides. Thus I set set_verify to SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT

    SSL_CTX_set_verify(this->ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);

and make sure both client and server know each other's certificates. When I run SSL_get_peer_certificate(ssl) on the client, I get the server's certificate as before, but running the same command on the server won't return the client's certificate. Instead NULL is returned.

Any ideas what I could be doing wrong? Do you need any further information that might help you find the problem?

I use self-signed certificates generated by

    openssl genrsa -des3 -out XXX.key 1024
    openssl rsa -in XXX.key -out XXX.key.unsecure   # to remove pass phrase protection

Any help would be appreciated!

thx!
mika