On Thu, May 06, 1999 at 06:03:11PM +0200, Juan Pablo Rojas Jimenez wrote:
[...]
> The thing is that I'm trying to write a client and a server working
> over SSL by using the BIO abstraction (I wasn't able to do it with
> SSL_calls only), something like what is done in demos/bio/
> sconnect\s_accept .c.
>
> I have made them communicate with each other, but I have a couple of
> problems:
>
> 1.- Neither the server nor the client can obtain their peer
> certificate until they do a BIO_read/BIO_write call. How can I solve
> that?

If you were using the SSL layer, you'd do SSL_accept or SSL_connect
(depending on whether it's a server or a client); there are no
equivalent features in the BIO interface to the SSL layer, but I
suppose you can just use the SSL functions directly on the appropriate
SSL structure.

> 2.- Once the server's call to SSL_get_peer_certificate() does
> return a value != NULL, what it returns is its own certificate?
> Does anyone know why?
> I've previously called SSL_CTX_set_verify with
> SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; I supposed it would force it
> to get the client cert. (Is this correct?)

You should use SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
I don't know if this has anything to do with the server's seeing its
own certificate as a "peer" certificate (it would be a bug, then).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]