----- Original Message -----
From: Bodo Moeller <[EMAIL PROTECTED]>
To: Claus Assmann <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, November 17, 1999 9:37 AM
Subject: Re: client authentication (SSL_CTX_set_verify)
> On Tue, Nov 16, 1999 at 08:08:21PM -0800, Claus Assmann wrote:
>
> > Thanks for the notification. A related question:
> > If the callback always returns 1, does
> > SSL_get_verify_result()
> > nevertheless return the correct value?
> > i.e., X509_V_OK iff the certificate could be verified?
>
> Yes, if the application verification callback calls X509_verify_cert
> or otherwise sets ctx.error. The value in ctx.error is always copied
> into s->verify_result, which is what SSL_get_verify_result returns.
> What my latest change to the SSL library does is make sure that this
> value is also restored when the application verification callback is
> not called because the session is found in cache so that no
> certificates appear in the handshake.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
