On Fri, Dec 14, 2001 at 04:19:41PM +0530, ratan.sarkar wrote:
> I am trying to implement client authentication through SSL,
> but I am a little bit confused about the verify callback function.
> What I want is that, at the time of the handshake, the server will get the client certificate and
> check the DN and timestamp of the client certificate.
> I have set
> SSL_CTX_set_verify(m_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSLCallBack);
> to get the client certificate in the server, and implemented the callback function.
> This is working fine, but the callback function has been called 3 times every time I
> am asking for client authentication.
> Inside the callback function I am getting the peer certificate, but even though I
> am checking the X509_notAfter field, with an outdated certificate the
> whole authentication process is working smoothly.
> Here is my callback function:
> SSLCallBack(int ok,X509_STORE_CTX *ctx)

Here the "ok" value shows whether OpenSSL's internal checking routines
detected a problem. Please check whether ok is "1" (passed
verification) or "0" (verification failure). Only when ok is set
to 0 is the return value of X509_STORE_CTX_get_error(ctx)
significant.

If not sure, you should start without a callback function and see
whether the certificate verification fails (it should).

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
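
The point made in the reply above, as an added example that is not part of the original thread and is not OpenSSL code: a stand-alone C model of the verify callback contract, showing that a callback which returns 1 regardless of "ok" lets an expired certificate through, while one that propagates "ok" keeps the failure. The three-certificate chain, `struct vctx`, `verify_chain`, the two callbacks and the expected DN are assumptions made for illustration; only the two error-code values are taken from OpenSSL's headers.

```c
#include <stdio.h>
#include <string.h>

/* Error codes with the values OpenSSL gives them in <openssl/x509_vfy.h>. */
#define X509_V_OK                    0
#define X509_V_ERR_CERT_HAS_EXPIRED 10

/* Constructed stand-in for what a real callback reads from X509_STORE_CTX:
 * error <-> X509_STORE_CTX_get_error(ctx)
 * depth <-> X509_STORE_CTX_get_error_depth(ctx), 0 = peer certificate */
struct vctx { int error; int depth; const char *subject; };
typedef int (*verify_cb)(int ok, struct vctx *ctx);

static const char *EXPECTED_DN = "/O=Example/CN=client1"; /* hypothetical */
static int calls; /* callback invocations during the last verify_chain() */

/* Returns 1 whatever "ok" says, which overrides the library's verdict. */
static int cb_always_accept(int ok, struct vctx *c) { (void)ok; (void)c; return 1; }

/* Keeps every reported failure; adds a DN check on the peer certificate only. */
static int cb_strict(int ok, struct vctx *c) {
    if (!ok) { /* only in this branch is c->error meaningful */
        fprintf(stderr, "depth %d: verify error %d\n", c->depth, c->error);
        return 0;
    }
    if (c->depth == 0 && strcmp(c->subject, EXPECTED_DN) != 0) return 0;
    return 1;
}

/* Simplified model of the chain walk: one call per certificate, issuer
 * first, peer last; a 0 return from the callback stops verification. */
static int verify_chain(const struct vctx *chain, int n, verify_cb cb) {
    calls = 0;
    for (int i = 0; i < n; i++) {
        struct vctx c = chain[i];
        calls++;
        if (!cb(c.error == X509_V_OK, &c)) return 0;
    }
    return 1;
}

/* Constructed chains: root CA, intermediate CA, client certificate. */
static const struct vctx GOOD[3] = { {X509_V_OK, 2, "/O=Example/CN=Root"},
    {X509_V_OK, 1, "/O=Example/CN=Sub"}, {X509_V_OK, 0, "/O=Example/CN=client1"} };
static const struct vctx EXPIRED[3] = { {X509_V_OK, 2, "/O=Example/CN=Root"},
    {X509_V_OK, 1, "/O=Example/CN=Sub"},
    {X509_V_ERR_CERT_HAS_EXPIRED, 0, "/O=Example/CN=client1"} };

int main(void) {
    printf("expired, always-accept: %d\n", verify_chain(EXPIRED, 3, cb_always_accept));
    printf("expired, strict:        %d\n", verify_chain(EXPIRED, 3, cb_strict));
    printf("good, strict:           %d (%d calls)\n", verify_chain(GOOD, 3, cb_strict), calls);
    return 0;
}
```

In a real server the same decision logic sits in the function passed to SSL_CTX_set_verify, with the fields read through the X509_STORE_CTX accessors named in the comment.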