How do you know that s isn't null?  Have you actually called
SSL_CTX_set_verify or SSL_set_verify?  Without that being called,
there is no request for the certificate from the client.  How do you
know the client is sending the certificate?

Can you still send data across the link?  Or is it torn down?  (is
your SSL_set_verify callback being called?)

Atop this, you can always use s_client to use a particular client
certificate (and key), and dump the entire state of the connection for
debugging.

Also, which version of OpenSSL are you using?  Which platform are you on?

-Kyle H

On Mon, Jul 28, 2008 at 7:55 PM, M <[EMAIL PROTECTED]> wrote:
> Thanks, I've read the man page for SSL_get_peer_certificate() and it says it
> returns NULL if "No certificate was presented by the peer or no connection
> was established." After tracing through the code I see that
> SSL_get_peer_certificate() returns null because no connection has been
> established, i.e. it enters the following piece of code:
> "if ((s == NULL) || (s->session == NULL))". I know for a fact
> that s is not NULL, which means that s->session is NULL. Do you know of a
> reason why s->session would be NULL?
>
> Thanks,
> John
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]