Hi Felipe, > -----Original Message----- > From: Felipe Franciosi
[snip] > SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | > SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_ONCE, NULL); > I believe my client is irrelevant at this point, because if I use > "openssl s_server", it works beautifully with my client. > However, when > I use my server and my client (or openssl s_client), it fails > accusing > my client of not providing the certificate. All points to my server > not requesting the client certificate properly. You configured your server to stop the handshake if the client doesn't provide a certificate. And that's - according to the information you provide - exactly what you see. So all points to your client indeed: You have to find out why your client does not send the certificate that your server requests. If you use s_client with your server, I guess you'll see the certificate request message your server is sending. In that message the server tells the client which CAs and which certificates it accepts. So either your client's code is buggy (do you check for error conditions in your OpenSSL invocations? your snippet didn't seem to indicate so), it can't access its certificate, its certificate is not of the types requested by the server or its certificate is not issued by one of the CAs accepted by the server - as indicated in the above mentioned certificate request message. HTH, Patrick Eisenacher ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org