Question: is there some simple way to find out whether the client
has been authenticated? I registered a callback with SSL_CTX_set_verify,
but I don't completely understand it...

I need this information in my application which makes certain
decisions based on it (e.g. allow different operations). I'm having
some trouble understanding the current functionality. Sometimes
the callback function gets called twice, e.g.:
TLS verify: ok=1, err=0, depth=1
TLS verify: ok=1, err=0, depth=0

or:
TLS verify: ok=0, err=20, depth=0
TLS verify failure: error=unable to get local issuer certificate
TLS verify: ok=0, err=21, depth=0
TLS verify failure: error=unable to verify the first certificate

and sometimes it doesn't get called at all.

It gets called twice because the verify function is done on each
certificate in the chain and it doesn't get called at all if no
certificate has been presented, correct?

So for the ok=1 case I could base the decision on depth=0?
But what about the other case? How can I find out when
it was the "last" call and "inform" my application about the
authentication?

I could use a global variable (preset to "no authentication") and
set it to the "AND" of the "ok" values, but that seems a bit ugly...
Is there some simpler way?

Thanks in advance!
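An added example, not part of the original post and not OpenSSL code: it keeps the outcome of the verify-callback calls in per-connection state instead of a global and makes the decision only after all calls are in, replaying traces in the log format quoted above. The struct, the function names and the traces are hypothetical/constructed; the example assumes the callback always returns 1 so that the handshake continues and the application decides.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical per-connection state; with OpenSSL it would be attached to
 * each SSL object (SSL_set_ex_data) rather than kept in a global. */
struct conn_auth {
    int calls;     /* times the verify callback ran; 0 = no certificate */
    int leaf_ok;   /* saw ok=1 at depth 0, the client's own certificate */
    int failed;    /* any call reported ok=0 */
    int first_err; /* error code of the first failing call */
};

/* Body of a verify callback: ok is preverify_ok; err and depth are what
 * X509_STORE_CTX_get_error() / X509_STORE_CTX_get_error_depth() return. */
static int record_verify(struct conn_auth *st, int ok, int err, int depth)
{
    st->calls++;
    if (!ok && !st->failed)
        st->first_err = err;
    if (!ok)
        st->failed = 1;
    if (ok && depth == 0)
        st->leaf_ok = 1;
    return 1; /* handshake continues, so the application MUST check below */
}

/* Call after the handshake completes; no single call is reliably "last". */
static int client_authenticated(const struct conn_auth *st)
{
    return st->calls > 0 && st->leaf_ok && !st->failed;
}

/* Replay a constructed trace written in the post's log format. */
static int replay(const char *trace, struct conn_auth *st)
{
    int ok, err, depth, used;
    memset(st, 0, sizeof *st);
    while (sscanf(trace, " TLS verify: ok=%d, err=%d, depth=%d%n",
                  &ok, &err, &depth, &used) == 3) {
        record_verify(st, ok, err, depth);
        trace += used;
    }
    return client_authenticated(st);
}

int main(void)
{
    struct conn_auth st;
    printf("chain ok: %d\n", replay("TLS verify: ok=1, err=0, depth=1\n"
                                    "TLS verify: ok=1, err=0, depth=0\n", &st));
    printf("no cert:  %d\n", replay("", &st));
}
```

In OpenSSL itself the same decision can be read after the handshake from `SSL_get_verify_result()` returning `X509_V_OK` together with a non-NULL `SSL_get_peer_certificate()`. Both are needed because the verify result is also `X509_V_OK` when the client presented no certificate.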