>From the mail thread I take it that your problem is visible at the
client side of the connection, so a server certificate should always
be send as long as you are not using an anonymous cipher (which
need to be enabled specifically).
Are you using SSL_connect() to explicitly connect to the server? Did
you check the return value of SSL_connect() to be 1 for success? There
must be a session established between the client and the server as the
session object contains the premaster secret from which the secret
keys for the communication are derived. Therefore the s->session object
cannot be 0 for an established connection.
You should also consider to use ssldump to analyze your connection
attempt on the wire. It also seems that wireshark is now quite powerful
in analyzing SSL protocol communication.
Best regards,
Lutz
M wrote:
> I know that s isn't null because I check its value before I call
> SSL_get_peer_certificate(). I've also verified that s->session is
> infact NULL before the call to SSL_get_peer_certificate().
>
> I can still send data across the link - I've tested using BIO_read()
> and BIO_write() to see if the machines can communicate and I was able
> to successfully write/read messages.
>
> One thing I did notice, and thanks for pointing this out, is that my
> SSL_set_verify callback
> function is never getting called which is strange.
>
> I'm using OpenSSL 0.9.8f running on AIX.
>
> Thanks,
> John M.
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
