Thank you, Dr. Henson, for the answer.
I feel more reassured ... :)

I managed to get a little further in my test now, after putting the right
certificate on the client side.
I am quite surprised by the behaviour of my server: when the client
certificate belongs to the CRL list handled by my server, this time I get the
handshake error ("no certificate returned"). I was expecting a message like
"CR revoked .." (the client connection was refused before I used the
SSL_get_verify_result API, as I first expected).
Is this the normal behaviour, or have I forgotten to set an option?

jf



According to "Dr. Stephen Henson" <[EMAIL PROTECTED]>:

> On Tue, May 15, 2007, [EMAIL PROTECTED] wrote:
>
> >
> > Thank you for your response.
> > Actually I use the default verify_callback function (NULL)
> >    "SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);"
> > By default it does not take into account possible errors coming from client
> > certificate?
> > Does it mean it is compulsory to call a verify_call_back function?
> >
>
> No, quite the opposite. For many purposes you don't need a custom callback.
>
> Unfortunately some "guides" insist a callback is necessary; some even
> supply a debugging callback which ignores all errors and results in zero
> security.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>

