Thank you Dr. Henson for the answer. I feel more reassured :) I managed to get a little bit further in my test now, after having put the right certificate on the client side. I am quite surprised by the behaviour of my server: when the client certificate belongs to the CRL list handled by my server, this time I get the handshake error ("no certificate returned"). I was expecting a message like "CR revoked .." (the client connection was refused before I used the SSL_get_verify_result API as I first expected). Is this the normal behaviour, or have I forgotten to set an option?
jf

Quoting "Dr. Stephen Henson" <[EMAIL PROTECTED]>:

> On Tue, May 15, 2007, [EMAIL PROTECTED] wrote:
>
> > Thank you for your response.
> > Actually I use the default verify_callback function (NULL)
> > "SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);"
> > By default it does not take into account possible errors coming from client
> > certificate?
> > Does it mean it is compulsory to call a verify_call_back function ?
>
> No, quite the opposite. For many purposes you don't need a custom callback.
>
> Unfortunately some "guides" insist a callback is necessary; some even
> supply a debugging callback which ignores all errors and results in zero
> security.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]