Hi,
I have seen a lot of posting on client certificate validation. But no clean
answer to client authentication. I see a reply and finally the poster
replies saying it doesnt work. It seems a lot of people have problems with
this and never got a perfect answer.
I like to implement mutual certificate authentication. I used the sample
code in all the postings.
Whenever I do a get_peer_certificate function on the serverside, it returns
NULL. Being the prime contact person on this list, could you please help me
setting up a sample client program which presents certificate to server so
that get_peer_Certificate wont return NULL and I can do verify on the
certificate.
Sudeep
>From: Lutz Jaenicke <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: Client -server certificate validation
>Date: Thu, 7 Dec 2000 23:23:17 +0100
>
>On Thu, Dec 07, 2000 at 04:34:43PM -0500, Sudeep Sudhakaran wrote:
> > I am trying to run s_server.c and s_client.c. I am trying to include
>two
> > way certificate verification.
> >
> > Whenever I do a peer=SSL_get_peer_certificate(con); on the server side
>it
> > always returns null. I am specifiying a client certificate on the
>s_client.c
> >
> > I am not that used to these certificate stuff. So I picked up the
>client.pem
> > /server.pem which comes with apps samples for client/server.
> >
> > I tried searching for
> > SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) and I cant find what
>is
> > CAfile and CApath. Is there something I should specifiy here..
>
>Please check out the latest state of the documentation available at
>www.openssl.org. There are several links at the bottom of ssl(3).
>Please check especially SSL_CTX_set_verify(3) and
>SSL_CTX_load_verify_locations(3).
>
>If this is not enough, check out the mailing list archive and search for
>SSL_VERIFY_PEER client certificate. You will see, that this topic has
>been discussed several times in the past.
>
>Best regards,
> Lutz
>--
>Lutz Jaenicke [EMAIL PROTECTED]
>BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
>Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
>Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
_____________________________________________________________________________________
Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
