> From: owner-openssl-us...@openssl.org On Behalf Of Troyanker, Vlad
> Sent: Wednesday, October 02, 2013 20:17
> In response to David: If I do not set VERIFY_PEER flag, then client does
> NOT deliver its certificate to server. At least SSL_Peer_Certificate()
> returns null.
>
You do need VERIFY i
Thanks for the pointers to both David and Wim.
In response to David: If I do not set VERIFY_PEER flag, then client does
NOT deliver its certificate to server. At least SSL_Peer_Certificate()
returns null.
With regard to installing the self-signed certs on each host. Does it not
defeat the purpos
On 1 Oct 2013, at 3:00 PM, Troyanker, Vlad wrote:
> PROBLEM: the server fails SSL connection with SSL_accept: tlsv1 alert unknown
> ca
>
> The funny part is I cannot even find where in source code that error (code
> SSL_R_TLSV1_ALERT_UNKNOWN_CA) gets thrown. I am looking through
> openssl-1.0.1e/
1. If you use certs, you are authenticating in SSL, perhaps unnecessarily if
you are doing some other auth and using that.
If you don't need SSL auth, why not just use anonymous-DH or anonymous-ECDH?
That's exactly what they exist for.
2. To be clear, setting FAIL_IF_NO_PEER in server doesn't actu