On Tue, Mar 20, 2001 at 12:32:42AM +0000, Filipe Contente wrote:
> You have sent it to me before,
> and it didn't help...
>
> may you try to answer my questions???
>
> thanks
> Lutz Jaenicke wrote:
> >
> > On Mon, Mar 19, 2001 at 06:41:31PM +0000, Filipe Contente wrote:
> > > Hi everybody!
> > >
> > > what does a verify_callback method should do??
> >
> > http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
The requirements of the verify_callback routine are explained in this
manual page. It even contains an example.
> > > i'm trying to get client certificate , but im with a few troubles.
> > > the ssl->session->peer is NULL so it doesnt work.
> >
> > http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
To receive a client certificate, the server must send a request for a
cert to the client using the SSL_VERIFY_PEER option explained in the
manual page. (Of course, additionally the client must send you a cert,
but this is optionally unless the FAIL_IF_NO... option is also set.)
> > > i´m using SSl_set_verify before the SSL_accept method , is this right??
> > > but i don't know what my verify_callback function should do.
> >
> > http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
SSL_set_verify is correct, for the verify_callback see above.
> > > what is the difference betwen ssl_ctx_set_verify and ssl_set_verify??
> >
> > http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
SSL_CTX_set_verify works for the CTX and thus all SSL object are created
have these settings. SSL_set_verify only applies to one SSL object.
(This is explained in the manual page.)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]