One needs to call a verify callback and set an appropriate return code. The server might well accept things and give a temporary and limited access, the self signed cert can be stored, an admin validates, etc. It can also be that the server is actually a person that accepts or not.
Alain Damiral wrote:
For which reasons do you want to accept self signed certificates? I do not understand why deactivating client authentication as Konark suggested wouldn't be good enough.

Samy Thiyagarajan wrote:
Thanks Konark. When I initialize my ctx I call the following functions:

# SSL_CTX_set_verify() with option SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
# SSL_CTX_set_client_CA_list( ctx, cafile)

Things are fine when the client requests a connection with a certificate signed by one of the listed CAs (in the cafile).

For some reasons I also wish to accept self signed certs (user needs to decide to accept or not). So when a client comes up with a self signed cert, the server reports ' unknown ca ' error. I understand that this is because it is not signed by a trusted CA. All I want to know is what needs to be done on the server side to accept the self signed.

I really appreciate any kind of assistance.

Thanks
Samy
--
To verify the signature, see http://edelpki.edelweb.fr/
This lets you download the authority's certificate; you will also find the list of revoked certificates there.