Hi Fred,

Thanks for the response.

I have read the manual page ;-) However I don't understand the full implications of using or not using this function in a server. If I use it what does the client do with it? Does the client still need a copy of the root certificate or is this provided automatically by the server? The O'Reilly Book makes no mention of this function that I can find.

Do I need to program the client side any differently?

Does SSL_load_client_CA_file() load the relevant information from the root certificate or do I have to do something else to get this info?

Thanks & Regards,
Mark

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Frédéric Donnat fdonnat-at-netsecureone.com |Openssl/1.0-Allow|
> Sent: 05 December 2005 23:16
> To: Mark Williams
> Subject: RE : SSL_CTX_set_client_CA_list functions
>
> Hi,
>
> In the SSL protocol the server is supposed to send the client a
> list of CA (that the server trusts) for client authentication.
> The SSL_CTX_set_client_CA_list() is here to setup this list
> of CA "name". If none are provided the certificate location
> should be used to do so.
>
> Have a look at the online documentation.
> http://www.openssl.org/docs/ssl/SSL_CTX_set_client_CA_list.html#
>
> hope it could help
> Fred
>
> -------- Original Message --------
> From: Mark [mailto:[EMAIL PROTECTED]
> Date: Fri. 12/2/2005 2:22
> To: openssl-users@openssl.org
> Cc:
> Subject: SSL_CTX_set_client_CA_list functions
> Hi All,
>
> Can somebody please explain whether one of the CA_list functions
> is necessary in a server that needs to authenticate a client?
>
> I am using the SSL_CTX_load_verify_locations() to point to the
> certificates directory containing the root certificate and all
> client certificates. Is that sufficient?
>
> Best Regards,
> Mark

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]