On Tue, Jan 28, 2003 at 11:38:25AM +0530, Chandrasekhar R S wrote:
> In my server program, I use SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0) to mandate that client cert should be
> present.
> If present, I use SSL_get_peer_certificate(ssl) to retrieve the client cert.
> 
> In my client program, I use :
> 
>   SSL_CTX_use_certificate_file(CTX,CERTF,SSL_FILETYPE_PEM)
>   SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM)
> 
> calls to load a cert and a key into the client.

Use SSL_CTX_check_private_key() to check the correct initialization of
the keys.

> But every time I run the client and the server, the server complains that
> the client hasn't presented a cert.  Does something else need to be done to
> get a client cert to the server?

Download ssldump from Eric's site and analyze the traffic to see:
* whether the client certificate is indeed requested
* whether the client does send its certificate or not.

> I am using openssl-0.9.7 on HPUX (Unix) systems.

I can assure you that it does work on HP-UX :-)
serv01 21: uname -a
HP-UX serv01 B.10.20 A 9000/780 2002495176 two-user license

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
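
Added example (not part of the original message or of ssldump): a small Python script that applies the two checks suggested above to a saved ssldump trace. The record layout it parses and the sample trace are assumptions constructed for illustration, and the function names are hypothetical.

```python
import re

# Assumed ssldump record header: "<conn> <rec> <time> (<delta>)  C>S  Handshake"
RECORD = re.compile(r"^\d+\s+\d+\s.*?(C>S|S>C)\S*\s+(\w+)")
MESSAGE = re.compile(r"^\s+([A-Za-z]+)\s*$")  # indented handshake message name

# Constructed trace (not captured traffic): the server asks for a certificate,
# the client answers with a Certificate message but never proves key possession.
SAMPLE = """\
1 1  0.0005 (0.0005)  C>S  Handshake
      ClientHello
1 2  0.0021 (0.0016)  S>C  Handshake
      ServerHello
      Certificate
      CertificateRequest
      ServerHelloDone
1 3  0.0040 (0.0019)  C>S  Handshake
      Certificate
      ClientKeyExchange
1 4  0.0041 (0.0001)  C>S  ChangeCipherSpec
"""

def diagnose(dump_text):
    """Report which client-authentication messages appear in the trace."""
    seen = {"requested": False, "client_cert_msg": False, "cert_verify": False}
    direction = None
    for line in dump_text.splitlines():
        rec = RECORD.match(line)
        if rec:  # only handshake records carry the messages of interest
            direction = rec.group(1) if rec.group(2) == "Handshake" else None
            continue
        msg = MESSAGE.match(line)
        if msg and direction:
            key = {("S>C", "CertificateRequest"): "requested",
                   ("C>S", "Certificate"): "client_cert_msg",
                   ("C>S", "CertificateVerify"): "cert_verify"}.get((direction, msg.group(1)))
            if key:
                seen[key] = True
    return seen

def verdict(seen):
    if not seen["requested"]:
        return "not requested: check the server's SSL_CTX_set_verify() flags"
    # In TLS a client with no usable certificate still sends an empty Certificate
    # message; CertificateVerify follows only when a signing-capable cert was sent.
    if not seen["cert_verify"]:
        return "requested but not sent: check the client's certificate and key loading"
    return "requested and sent"

if __name__ == "__main__":
    print(verdict(diagnose(SAMPLE)))
```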