> But in s_server.c, after the two functions, there is another function: > SSL_CTX_set_client_CA_list(). It seems that this function has > something to do with client-verify. Hi, This is used when you turn on client authentication. You need this function to set the list of CA names that the server send to the client in 'Certficate Request' message. The client then checks if it has a certificate signed by one of these CAs to send to the server. If it doesnot then, ideally the handshake should fail if client authentication is not optional. Amit. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]