The name in the certificate will not be automatically verified for you. Your application has to verify that the name specified in the certificate somehow matches who your peer claims to be. So if a client verifies a certificate of a server, it should make sure that the name in the certificate matches the hostname that it used to connect to this server. With the client it's usually app specific -- somewhere as part of your protocol your client is probably supplying a username or something like that -- this username should be verified to be mentioned in the certificate. If your server doesn't do any authentication of the client, you don't need the client certificate at all.

> For now, I don't even want to verify anything. And even when implementing the server and using it with a web browser, I have problems: Firefox works quite fine, but I can't have any page displayed with IE 6.

Do you get any error? Might be result of not having the right ciphers configured.

> I've read the man pages for SSL_accept and the only clue I first found was the non-blocking socket. And mine was already non-blocking.
> What do you mean then?
> I tried to continue despite the WANT_READ error and when I call BIO_gets, it does not read anything: it returns -1 (and SSL_ERROR_SSL if I use SSL_get_error, which I'm not sure)

When the socket is non-blocking you have to pretty much always assume that any call can fail with WANT_READ or WANT_WRITE and you will have to just repeat the call again. Usually it is a good idea to do the appropriate (read or write) select() before repeating the call.

> What if I use a blocking socket?

Blocking socket should only return with a success or final failure (which doesn't have to be retried).

> Anyway, as I can now start to connect to my server via a web browser, I'm coming to the client part.
> The SSL_connect always returns 0.

Use the error printing routines I mentioned in my prev. email to get details on why it fails.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
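
The name check described at the top of the reply, as an added example that is not part of the original message or of OpenSSL: it compares one certificate name against the hostname the client connected to, including the embedded-NUL and wildcard edge cases. The function name `cert_name_matches_host` and the sample names are hypothetical, and the wildcard rules are a conservative subset; in OpenSSL 1.0.2 and later, `X509_check_host` performs this comparison for you.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Hypothetical helper, not an OpenSSL function.
 * cert_name/cert_len: one dNSName (or CN) value as raw bytes taken from
 * the peer certificate; host: the hostname the client used to connect.
 * Returns 1 on match, 0 otherwise. */
int cert_name_matches_host(const char *cert_name, size_t cert_len,
                           const char *host)
{
    size_t host_len = strlen(host);

    /* A name with an embedded NUL would be truncated by C string
     * functions and could appear to match; reject it outright. */
    if (cert_len == 0 || host_len == 0 ||
        memchr(cert_name, '\0', cert_len) != NULL)
        return 0;

    /* Exact match, ASCII case-insensitive. */
    if (cert_len == host_len && strncasecmp(cert_name, host, host_len) == 0)
        return 1;

    /* Wildcard: only "*." as the whole left-most label is accepted. */
    if (cert_len < 3 || cert_name[0] != '*' || cert_name[1] != '.')
        return 0;

    const char *suffix = cert_name + 1;      /* e.g. ".example.com" */
    size_t suffix_len = cert_len - 1;

    /* Conservative choice: the suffix needs a second dot,
     * so a name like "*.com" never matches anything. */
    if (memchr(suffix + 1, '.', suffix_len - 1) == NULL)
        return 0;

    /* The wildcard stands for exactly one non-empty label. */
    const char *first_dot = strchr(host, '.');
    if (first_dot == NULL || first_dot == host)
        return 0;
    size_t rest_len = host_len - (size_t)(first_dot - host);
    return rest_len == suffix_len &&
           strncasecmp(first_dot, suffix, suffix_len) == 0;
}
```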
