s_client is your friend.  Especially with the -debug and -showcerts
options.  As well as -cert and -key and -prexit and -state.

-Kyle H

On Fri, May 1, 2009 at 3:54 PM, Jeff Davey <jeffda...@gmail.com> wrote:
> Hi,
>
> I recently ran into an issue with OpenSSL 0.9.8k returning NULL when calling
> SSL_get_peer_certificate() after a successful handshake. The issue doesn't
> occur every time, but often enough.
>
> I reverted to OpenSSL 0.9.8j, and haven't been able to replicate the
> problem. To verify, I again went to 0.9.8k and the issue cropped up right away.
>
> I'm using the command on a custom SSL server, which has set VERIFY_PEER |
> VERIFY_FAIL_IF_NO_PEER_CERT in the SSL_CTX. Also, I am trying to get the
> peer cert after successfully completing SSL_do_handshake, and additionally
> reading some initial connection data from the client.
>
> SSL_CTX is set up to verify against a specific chain, and not default
> locations.
>
> All sockets are non-blocking, using libevent in place of select.
>
> Also, statically linking against OpenSSL.
>
> I'm compiling OpenSSL on Ubuntu 64bit 9.04 with ./config no-idea no-comp
> using gcc 4.3.3
>
> I tried doing a quick diff between 0.9.8j, and 0.9.8k, but didn't see
> anything obvious.
>
> Any ideas?
>
> Thanks,
>
> Jeff
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
