Steve:
First,thanks a lot, i need your help.
I have written a ssl proxy to improve security, and now i have
some problem:
1.I can only get site certification from IIS (apache build in
modssl is ok) using X509_STORE_CTX_get_chain() in my verify_call
which is a callback function used in SSL_CTX_set_verify, i think
this is iis's characteristic, really?
.
2. when he used my ssl proxy as his browser's ssl proxy,
I want to display a popup listbox to let user select personal
certificate when www site require personal certificate
just like IE and Netscape, so i must have already got site's
certify chain, i can't get it by using X509_STORE_CTX_get_chain()
in my verify_call, it only return site certificate ,when site
www server is iis, i can get root ca which signed this site
certificate, but no site's certify chain which can let me choose
my personal certificate.
Thanks a lot.
jasson zou
网易动画站带你走进神奇快乐的动画世界,
有电影、有游戏、还有MTV!千万别错过了!
http://cartoon.163.com
我们正在进行FLASH游戏的征稿活动,静待高手的来临!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
