silly me.. didn't notice the line in the server response of the second case:

verify depth is 1, must return a certificate
Using default temp DH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write certificate request A
SSL_accept:SSLv3 flush data
depth=1 C = aa, ST = a, L = a, O = a, OU = a, CN = cc, emailAddress = a
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 C = aa, ST = a, L = a, O = a, OU = a, CN = cc, emailAddress = a
verify return:1
depth=0 C = aa, ST = a, O = a, OU = a, CN = ac, emailAddress = a
verify return:1
SSL_accept:SSLv3 read client certificate A
...

yeah.. so everything was all right.. openssl just didn't disconnect after auth failure.. even though it should!

--
View this message in context: http://old.nabble.com/confused-with-openssl-server-client-behavior-tp32396398p32398717.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
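
An added example, not part of the original post and not OpenSSL code: a small Python check that scans s_server output like the above for `verify error` lines that were followed by `verify return:1`, and reports whether handshake states kept being logged afterwards. The function name and the embedded sample (an excerpt of the output quoted in the post) are chosen for illustration.

```python
import re

# Constructed sample: excerpt of the s_server output quoted in the post.
SAMPLE_LOG = """\
SSL_accept:SSLv3 write certificate request A
SSL_accept:SSLv3 flush data
depth=1 C = aa, ST = a, L = a, O = a, OU = a, CN = cc, emailAddress = a
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 C = aa, ST = a, L = a, O = a, OU = a, CN = cc, emailAddress = a
verify return:1
depth=0 C = aa, ST = a, O = a, OU = a, CN = ac, emailAddress = a
verify return:1
SSL_accept:SSLv3 read client certificate A
"""

DEPTH = re.compile(r"^depth=(\d+) (.*)$")
ERROR = re.compile(r"^verify error:num=(\d+):(.*)$")
RETURN = re.compile(r"^verify return:(\d+)$")


def overridden_verify_errors(log):
    """List verify errors that were followed by 'verify return:1', and note
    whether further (non-failing) SSL_accept states were logged after them."""
    findings, pending, depth, subject = [], None, None, None
    for line in map(str.strip, log.splitlines()):
        if m := DEPTH.match(line):
            depth, subject, pending = int(m.group(1)), m.group(2), None
        elif m := ERROR.match(line):
            pending = {"depth": depth, "subject": subject,
                       "num": int(m.group(1)), "reason": m.group(2),
                       "handshake_continued": False}
        elif m := RETURN.match(line):
            if pending and m.group(1) == "1":
                findings.append(pending)  # error reported, chain accepted anyway
            pending = None
        elif (line.startswith("SSL_accept:")
              and ":failed in" not in line and ":error in" not in line):
            for f in findings:  # a later handshake state was reached
                f["handshake_continued"] = True
    return findings


if __name__ == "__main__":
    for f in overridden_verify_errors(SAMPLE_LOG):
        print(f"depth={f['depth']} num={f['num']} ({f['reason']}) "
              f"continued={f['handshake_continued']}")
```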