On Thu, Oct 04, 2001 at 02:43:27PM -0400, Andrew Finnell wrote:
>     I'm having a problem getting my server on Solaris 8 ( Built with SunCC
> 5.2 ) to obtain a certificate from my client. I have set SSL_CTX_set_verify
> ( ctx , SSL_VERIFY_PEER, 0 ) on both client and server. I have created valid
> certificates to the best of my knowledge. The same exact code works on
> Windows ( any platform ). I am at a loss at what could be happening.
> SSL_get_peer_certificate always returns a null certificate.. Which to the
> best of my knowledge means the client didn't send one or the verify failed.
> How could I go about checking what is wrong? Thanks!

Your analysis is not quite correct. SSL_get_peer_certificate() will always
return the certificate sent by the peer, regardless of the verification
result (you have to use SSL_get_verify_result() to check it out).
The logical explanation is therefore that the client did not send a
certificate at all. This is also supported by your way to call
SSL_CTX_set_verify(): as you do not supply a verify_callback(), the
handshake will fail for any verification error. (I assume that SSL_accept()
returned with "1", indicating success, because otherwise the behaviour
would be undefined anyway.)
Please use ssldump (http://www.rtfm.com/ssldump) to analyze the SSL handshake.
You will immediately see whether a client certificate is being sent.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
