I have a server that does checking of the altSubjectName against the source IP address of the client connection. When the verify fails the server (my code) closes the connection with extreme prejudice. What I'd like to do is to have my client (mine so I have code control) be able to work out that it was kicked off because it had a cert with an incorrect IP.
AFAIK there is no TLS alert corresponding to "custom" or incorrect IP. This leaves me a bit stuffed unless I can hijack an existing but uncommon alert (ugh) or do the IP verification at the application level (I can do this). Anyone got any good ideas?

Andy S.
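The application-level option mentioned in the post, as an added example (not the poster's code and not part of OpenSSL): the handshake completes, the server compares the certificate's IP entries with the connection's source address, and writes one status line over the TLS channel before closing so the client learns the reason. It is written in Python against the dict shape returned by `ssl.SSLSocket.getpeercert()`; the status strings and the JSON line format are assumptions made for illustration.

```python
import ipaddress
import json

# Hypothetical application-level status values (these are not TLS alerts).
OK = "ok"
REJECT_IP_MISMATCH = "cert-ip-mismatch"
REJECT_NO_IP_SAN = "cert-no-ip-san"


def _normalize(addr):
    """Parse an address, dropping any zone id and unwrapping ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr.strip().split("%", 1)[0])
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def san_ips(peercert):
    """Return the IP subjectAltName entries of a getpeercert()-style dict."""
    ips = []
    for kind, value in peercert.get("subjectAltName", ()):
        if kind != "IP Address":
            continue
        try:
            ips.append(_normalize(value))
        except ValueError:
            continue  # unparsable entry: ignore it, never treat it as a match
    return ips


def check_peer_ip(peercert, peer_addr):
    """Server side: compare the connection's source IP with the cert's IP entries."""
    allowed = san_ips(peercert)
    if not allowed:
        return REJECT_NO_IP_SAN
    return OK if _normalize(peer_addr) in allowed else REJECT_IP_MISMATCH


def status_frame(status, peer_addr):
    """One JSON line the server writes over the TLS channel before closing."""
    body = {"status": status, "seen_ip": str(_normalize(peer_addr))}
    return (json.dumps(body, sort_keys=True) + "\n").encode("ascii")


def parse_status_frame(line):
    """Client side: decode the status line read right after the handshake."""
    return json.loads(line.decode("ascii"))
```

Because the line is sent inside the established TLS session, the client can trust it as coming from the authenticated server, and `seen_ip` shows the address the server actually saw (useful when NAT or a proxy sits in between).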