Hi,
I am trying to implement client authentication through SSL ..
but I am a little bit confused about the verify callback function ...
what I want is, at the time of handshake the server will get the client certificate and the server will check the DN and timestamp of the client certificate ..
 I have set the
SSL_CTX_set_verify(m_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,SSLCallBack);  
to get the client certificate in the server and implemented the callback function ...
this is working fine but the callback function has been called 3 times every time I am asking for client authentication ...
inside the callback function I am getting the peer certificate ... but even though I am checking the X509_notAfter field ... with an outdated certificate the whole authentication process is working smoothly ...
here is my callback function ...
#include <cstring>
#include <iostream>
#include <string>
#include <vector>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

using namespace std;

// the existing vector of permitted client DNs (declared elsewhere in my program)
extern vector<string> g_peerDNs;

int SSLCallBack(int ok, X509_STORE_CTX *ctx)
{
    int iRetVal = 0;
    X509 *cert = NULL;
    int err = 0;
    char buf[256];
    memset(buf, 0, sizeof(buf));

    // getting the peer certificate
    cert = X509_STORE_CTX_get_current_cert(ctx);
    if (cert == NULL)
    {
        iRetVal = 0;
        return iRetVal;
    }
    err = X509_STORE_CTX_get_error(ctx);
    // X509_STORE_CTX is opaque in OpenSSL 1.1+, so switch on the accessor result, not ctx->error
    switch (err)
    {
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
        cout << "peer certificate not found" << endl;
        iRetVal = 0;
        return iRetVal;

    case X509_V_ERR_CERT_NOT_YET_VALID:
    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
    case X509_V_ERR_CERT_HAS_EXPIRED:
    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
        cout << "peer certificate no more valid" << endl;
        iRetVal = 0;
        return iRetVal;
    }

    // X509_NAME_oneline returns NULL on failure (buf is an array and can never be NULL itself)
    if (X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)) == NULL)
    {
        iRetVal = 0;
        return iRetVal;
    }

    // check the peer DN in the existing DN vector, if not there then return failure (0)
    for (size_t i = 0; i < g_peerDNs.size(); ++i)
    {
        if (g_peerDNs[i] == buf)
        {
            iRetVal = 1;
            return iRetVal;
        }
    }
    iRetVal = 0;
    return iRetVal;
}
 
thanks in advance ..
Ratan sarkar
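Added example (not part of the original post, and not the poster's code): OpenSSL invokes the verify callback once per certificate in the chain, from the root down to the peer's own certificate (depth 0), which is why it runs several times per handshake, and the `ok` argument already carries the result of OpenSSL's own notBefore/notAfter checks. A callback that returns non-zero when `ok` is 0, or that falls off the end without a return, silently accepts an expired certificate. The block below isolates that decision logic in plain C so it can be run without linking OpenSSL, and simulates the three invocations made for a constructed root/intermediate/leaf chain. The DN allow-list, the `SIM_X509_V_*` mirrors of the OpenSSL error values, and the function names `verify_decision` and `simulate_chain` are assumptions made for this example; the comment at the end shows how a real `SSLCallBack` would feed it from the store context using the standard accessors.

```c
#include <stdio.h>
#include <string.h>

/* Mirrors of the OpenSSL X509_V_* values used below (assumption for this
 * example: the real callback obtains err via X509_STORE_CTX_get_error()). */
#define SIM_X509_V_OK                   0
#define SIM_X509_V_ERR_CERT_HAS_EXPIRED 10

/* Allow-list of client subject DNs (constructed sample data). */
static const char *ALLOWED_DNS[] = {
    "/C=US/O=Example Corp/CN=client-01",
    "/C=US/O=Example Corp/CN=client-02",
};
static const size_t ALLOWED_DN_COUNT = sizeof ALLOWED_DNS / sizeof ALLOWED_DNS[0];

/* Decision logic for one invocation of the verify callback.
 *   preverify_ok: OpenSSL's own verdict for this certificate (0 = a check such
 *                 as notAfter/notBefore or chain building already failed)
 *   err:          the X509_V_* error code for this invocation
 *   depth:        0 = the peer's own certificate, 1.. = CA chain above it
 *   subject_dn:   one-line subject DN of the certificate being examined
 * Returns 1 to accept this step of verification, 0 to abort the handshake. */
int verify_decision(int preverify_ok, int err, int depth, const char *subject_dn)
{
    /* Never overrule OpenSSL: an expired certificate arrives here with
     * preverify_ok == 0 and err == X509_V_ERR_CERT_HAS_EXPIRED.  Returning
     * non-zero at this point is what makes an outdated certificate "work". */
    if (!preverify_ok) {
        fprintf(stderr, "verify failed at depth %d (error %d) for %s\n",
                depth, err, subject_dn ? subject_dn : "(no cert)");
        return 0;
    }

    /* Intermediate and root CA certificates: accept OpenSSL's verdict as is.
     * The callback runs once for each of these before reaching depth 0. */
    if (depth > 0)
        return 1;

    /* Peer (depth 0) certificate: apply the local DN allow-list. */
    if (subject_dn == NULL)
        return 0;
    for (size_t i = 0; i < ALLOWED_DN_COUNT; i++) {
        if (strcmp(subject_dn, ALLOWED_DNS[i]) == 0)
            return 1;
    }
    fprintf(stderr, "peer DN not in allow-list: %s\n", subject_dn);
    return 0;
}

/* Simulates the sequence of callback invocations OpenSSL makes for a
 * three-certificate chain (root, intermediate, leaf), deepest first.
 * Returns 1 only if every step accepted, as the handshake would. */
int simulate_chain(int leaf_expired, const char *leaf_dn)
{
    int rc;
    rc = verify_decision(1, SIM_X509_V_OK, 2, "/C=US/O=Example Corp/CN=Example Root CA");
    if (!rc) return 0;
    rc = verify_decision(1, SIM_X509_V_OK, 1, "/C=US/O=Example Corp/CN=Example Issuing CA");
    if (!rc) return 0;
    if (leaf_expired)
        return verify_decision(0, SIM_X509_V_ERR_CERT_HAS_EXPIRED, 0, leaf_dn);
    return verify_decision(1, SIM_X509_V_OK, 0, leaf_dn);
}

/* In the real OpenSSL callback the arguments come from the store context:
 *   int   err   = X509_STORE_CTX_get_error(ctx);
 *   int   depth = X509_STORE_CTX_get_error_depth(ctx);
 *   X509 *cert  = X509_STORE_CTX_get_current_cert(ctx);
 *   char  buf[256];
 *   const char *dn = cert ? X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof buf) : NULL;
 *   return verify_decision(ok, err, depth, dn);
 */

int main(void)
{
    printf("valid, listed client:   %d\n", simulate_chain(0, "/C=US/O=Example Corp/CN=client-01"));
    printf("valid, unlisted client: %d\n", simulate_chain(0, "/C=US/O=Example Corp/CN=intruder"));
    printf("expired, listed client: %d\n", simulate_chain(1, "/C=US/O=Example Corp/CN=client-01"));
    return 0;
}
```

The three simulated runs print 1, 0 and 0: only a chain whose leaf is both unexpired (OpenSSL's verdict preserved) and on the allow-list is accepted, and the DN check is applied only at depth 0, so CA certificates higher in the chain do not need to appear in the list.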