my last mail seem to be lost somewhere..
Hi all,
Im testing an SSL server with s_client. I want to implement client authentication.
The problem is even if I include the certificate and key file in my client call, SSL_get_peer_certificate()
returns NULL
I tried the following calls,
a) S_client -connect ip:port
b) s_client -connect ip:port -cert clientcert.pem -key clientPrivkey.pem
** the certificate is self signed.
here is the piece of code of my server..
SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL );
SSL_accept();
//SSL_accept is successful
X509 *peer;
peer = SSL_get_peer_certificate( ssl );
if( peer == NULL )
{
errorexit( " cannot get the certificate " );
}
else
{
if( SSL_get_verify_result( ssl ) == X509_V_OK )
{
printf( " certificate OK " );
// do read and write......
}
}
Irrespective of my s_client call ( a or b ) I get the error " cannot get the certificate"
Am I missing something?
Expecting your valuable suggestions..
Thanks in advance.
-Samy
- problem in client authentication Samy Thiyagarajan
- RE: problem in client authentication Mark
- How to disable id and password check Chuck Aaron
- Re: How to disable id and password check Kyle Hamilton
- problem in client authentication -no luck Samy Thiyagarajan
- RE: problem in client authentication -no l... David C. Partridge
- client authentication - error message ... Samy Thiyagarajan
- error : unknown ca :( Samy Thiyagarajan
- Re: error : unknown ca :( Dr. Stephen Henson
- thanks Samy Thiyagarajan
- Re: problem in client authentication -no l... Peter Sylvester