On Tue, May 15, 2007, [EMAIL PROTECTED] wrote:

>
> Thank you for your response.
> Actually I use the default verify_callback function (NULL)
> "SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);"
> By default it does not take into account possible errors coming from client
> certificate?
> Does it mean it is compulsory to call a verify_call_back function?
>
No, quite the opposite. For many purposes you don't need a custom callback.
Unfortunately some "guides" insist a callback is necessary; some even supply a
debugging callback which ignores all errors and results in zero security.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
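
An added illustration, not part of the original message and not OpenSSL code: a small self-contained C model of the return-value convention discussed above, where the library's own per-certificate verdict reaches the callback as `preverify_ok` and a callback that always returns 1 overrides every failure. All type and function names, the error-code values and the sample chains are constructed for this example.

```c
#include <stdio.h>

/* Simplified model of the callback semantics, not OpenSSL code; all names are hypothetical. */
enum { V_OK = 0, V_EXPIRED = 10 };                      /* constructed error codes */
struct cert { const char *subject; int builtin_err; };  /* builtin_err: the library's own finding */
typedef int (*verify_cb)(int preverify_ok, int err, int depth);

/* The "debugging" callback the reply warns about: overrides every failure. */
static int accept_all_cb(int preverify_ok, int err, int depth) {
    (void)preverify_ok; (void)err; (void)depth;
    return 1;
}

/* A safe custom callback: may tighten policy (here a depth limit) but never loosens it. */
static int depth_limit_cb(int preverify_ok, int err, int depth) {
    (void)err;
    return depth > 1 ? 0 : preverify_ok;
}

/* chain[0] is the peer certificate (depth 0). cb == NULL models passing NULL as the
 * callback: the built-in verdict stands. Returns 1 = peer accepted, 0 = rejected;
 * *last_err keeps the most recent built-in error even when a callback overrode it. */
static int verify_chain(const struct cert *chain, int n, verify_cb cb, int *last_err) {
    *last_err = V_OK;
    for (int depth = n - 1; depth >= 0; depth--) {
        int err = chain[depth].builtin_err;
        int ok = (err == V_OK);
        if (!ok) *last_err = err;
        if (cb) ok = cb(ok, err, depth);
        if (!ok) return 0;   /* a 0 verdict stops verification */
    }
    return 1;
}

/* Constructed sample chains. */
static const struct cert good_chain[]   = { {"CN=client", V_OK}, {"CN=Example CA", V_OK} };
static const struct cert expired_leaf[] = { {"CN=client", V_EXPIRED}, {"CN=Example CA", V_OK} };
static const struct cert long_chain[]   = { {"CN=client", V_OK}, {"CN=Sub CA", V_OK}, {"CN=Example CA", V_OK} };

int main(void) {
    int e, r;
    r = verify_chain(expired_leaf, 2, NULL, &e);
    printf("expired leaf, NULL callback:  accepted=%d\n", r);
    r = verify_chain(expired_leaf, 2, accept_all_cb, &e);
    printf("expired leaf, accept-all cb:  accepted=%d last_err=%d\n", r, e);
    r = verify_chain(long_chain, 3, depth_limit_cb, &e);
    printf("3-cert chain, depth-limit cb: accepted=%d\n", r);
    return 0;
}
```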