George,
On the server side, in your call to SSL_CTX_set_verify(), you have two
choices if you want to enable client authentication: 1) SSL_VERIFY_PEER, and
2) SSL_VERIFY_FAIL_IF_NO_PEER_CERT. The first politely asks the client if it
will please authenticate, but the handshake will succeed even if the client
doesn't authenticate. With the second option, the client must authenticate
or the handshake fails. Are you perhaps using option #1?
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________
----- Original Message -----
From: "George Lind" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 24, 2001 11:44 AM
Subject: client continues after server fails
> My server is doing client authentication. My client is also using verify
> peer. When the client attempts to connect it gets a certificate from the
> server and continues on. The server is not receiving a certificate from the
> client so it is failing. The client attempts to write to the server but the
> SSL_write fails because the server has failed. How can I stop the client
> before attempting to write to the server? Shouldn't the client fail on its
> connect if the handshake is not successful on both ends?
>
> Thanks,
> George
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]