nevermind... i had blinders on while reading the error, and i just concentrated on the server. i just noticed the browser says:
"Peer does not recognize and trust the CA that issued your certificate."

so i need to go make sure my certs are set up properly.

thanks,
-=- adam grossman

On Wed, 2010-01-27 at 17:01 -0500, Adam Grossman wrote:
> hello.
>
> I am having trouble getting my server renegotiation working with client
> certificates. Without certificates, it works fine. The one thing is
> that the server initially does not need a client cert, but it does
> during renegotiation (a requirement i have that is out of my hands).
>
> i am using 0.9.7d.
>
> The server talks to a web browser. This is what i am doing (leaving out
> the error handling):
>
> SSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>                NULL);
> SSL_renegotiate(ssl);
> SSL_do_handshake(ssl);
> ssl->state=SSL_ST_ACCEPT;
> SSL_do_handshake(ssl);
>
> when it renegotiates, the browser says "The site requested you to
> identify yourself with a certificate". but then the 2nd handshake gives
> the error:
>
> 1780:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
> certificate returned:s3_srvr.c:2010:
>
> i even looked at mod_ssl, and it seems to be doing the same thing. what
> am i missing?
>
> thanks everyone once again,
> -=- adam grossman
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
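
Added example, not part of the original thread: a shell check for the condition the reply points to, namely whether a client certificate was issued by, and verifies against, the CA file the server uses for client authentication. The CA and certificate names (`server-ca`, `other-ca`, `browser-cert`) and the helper functions are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. Every name, subject and path here is constructed.

# make_ca DIR NAME: throwaway self-signed CA (NAME.key, NAME.pem) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_client DIR CA NAME: client certificate NAME.pem signed by CA.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# issuer_matches_ca CAFILE CERT: is CERT's issuer name CAFILE's subject name?
# A mismatch means the certificate was not issued under that CA's name.
issuer_matches_ca() {
    [ "$(openssl x509 -in "$2" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$1" -noout -subject_hash)" ]
}

# client_cert_trusted CAFILE CERT: does CERT verify against CAFILE?
# The output is checked because old openssl builds exit 0 even on failure.
client_cert_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Demo: the browser's certificate comes from other-ca, while the server
# is assumed to trust only server-ca, so verification must fail there.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" server-ca && make_ca "$d" other-ca &&
    issue_client "$d" other-ca browser-cert || { rm -rf "$d"; return 1; }
    for ca in server-ca other-ca; do
        if client_cert_trusted "$d/$ca.pem" "$d/browser-cert.pem"
        then echo "$ca: client certificate verifies"
        else echo "$ca: client certificate is NOT trusted"
        fi
    done
    rm -rf "$d"
}
demo
```

Against real files, run `client_cert_trusted` with the CA file the server loads and the certificate the browser presents; a failure there matches the situation the browser message describes.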