Steve:
First,thanks a lot, i need your help.
I have written a ssl proxy to improve security, and now i have
some problem:
1.I can only get site certification from IIS (apache build in
modssl is ok) using X509_STORE_CTX_get_chain() in my verify_call
which is a callback function used in SSL_CTX_set_verify, i think
this is iis's characteristic, really?
.
2. when he used my ssl proxy as his browser's ssl proxy,
I want to display a popup listbox to let user select personal
certificate when www site require personal certificate
just like IE and Netscape, so i must have already got site's
certify chain, i can't get it by using X509_STORE_CTX_get_chain()
in my verify_call, it only return site certificate ,when site
www server is iis, i can get root ca which signed this site
certificate, but no site's certify chain which can let me choose
my personal certificate.
Thanks a lot.
jasson zou
������վ�����߽�������ֵĶ������磬
�е�Ӱ������Ϸ������MTV��ǧ�������ˣ�
http://cartoon.163.com
�������ڽ���FLASH��Ϸ���������������ֵ����٣�
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]