On 10 Apr 2013, at 5:25 PM, igenyar wrote:
> After receiving a certificate, the client needs to send a challenge to the server
> to verify that the server does have the private key associated with the
> certificate. (Besides other checks such as DNS, etc.)

This happens as part of the "SSL handshake" --- you can google that phrase and 
find a variety of descriptions of the process, including the formal description 
of it in RFC 6101. 

> I wonder what OpenSSL APIs would accomplish that. Links to knowledge or
> sample source code are highly appreciated!!! Thank you for the help.

The code is scattered around inside OpenSSL, depending on the protocol version, 
whether it's the client or the server side of the connection, etc. You could 
start with the ssl3_connect() function in s3_clnt.c (I think this is also used 
for TLSv1).


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
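
The point made in the reply above, that key possession is proved inside the handshake rather than by a separate challenge, can be seen in a simplified model of the RSA key exchange described in RFC 6101. This is an added illustration that goes beyond the message; it is not OpenSSL code and not part of the original thread, and the toy key, the HMAC-SHA256 `finished()` stand-in and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key (two Mersenne primes, no padding): illustration only.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q                                # public modulus, as found in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent matching that certificate


def finished(premaster: int, transcript: bytes) -> bytes:
    """Simplified stand-in for the Finished message: a MAC over the
    handshake transcript, keyed by a secret derived from the premaster."""
    master = hashlib.sha256(premaster.to_bytes(12, "big") + transcript).digest()
    return hmac.new(master, b"server finished" + transcript, hashlib.sha256).digest()


def server_respond(private_exponent: int, encrypted_premaster: int,
                   transcript: bytes) -> bytes:
    """Server side: recover the premaster with the private key, then send Finished."""
    premaster = pow(encrypted_premaster, private_exponent, N)
    return finished(premaster, transcript)


def handshake(server_private_exponent: int) -> bool:
    """Client side: True only if the peer proved it holds the private key
    for the public key (N, E) taken from the certificate."""
    client_random = secrets.token_bytes(32)       # sent in ClientHello
    server_random = secrets.token_bytes(32)       # sent in ServerHello
    premaster = secrets.randbits(88)              # fresh secret per connection
    encrypted = pow(premaster, E, N)              # carried in ClientKeyExchange
    transcript = client_random + server_random + encrypted.to_bytes(12, "big")
    server_mac = server_respond(server_private_exponent, encrypted, transcript)
    # The client computes the same MAC from the premaster it chose itself.
    return hmac.compare_digest(server_mac, finished(premaster, transcript))


if __name__ == "__main__":
    print("legitimate server accepted:", handshake(D))
    print("peer with copied certificate but wrong key accepted:", handshake(D + 2))
```

The fresh premaster plays the role of the challenge: a peer that only copied the certificate cannot decrypt it, so its Finished value does not match and the client aborts.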
