Hi all, Thanks for all the feedback I received regarding this matter.
I'm just sending one last message to close the issue: despite BIO_do_handshake() succeeding, I couldn't retrieve the client certificate with SSL_get_peer_certificate(). :-( What I did is remove the BIO layer from my software and use SSL directly over unix sockets. Now it works like a charm. Cheers, Felipe On Mon, Feb 1, 2010 at 8:55 PM, Felipe Franciosi <fel...@paradoxo.org>wrote: > Dear Kyle, David and Dr.Henson, thanks for all your replies. > > I will have a look on the debug generated by s_client and probably post > them here in a minute. > > In the meantime, let me appologise for not being specific about the error I > am getting and provide you with more information: > > When the client doesn't have a certificate at all, BIO_do_handshake() > fails, accusing this: > 20070:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not > return a certificate:s3_srvr.c:2455: > > (Which is the correct behaviour!!!!) > > When I use my client (with the proper CA signed certificates), > BIO_do_handshake() actually succeeds. The error I get is that > SSL_get_peer_certificate() actually returns NULL (when I believe it should > return my client's certificate instead). > > My best regards, > Felipe > > > On 1 Feb 2010, at 19:08, Dr. Stephen Henson wrote: > > On Mon, Feb 01, 2010, Felipe Franciosi wrote: >> >> Dear Patrick, >>> >>> Thanks for the reply! >>> >>> I took the error checking out on purpose for the sake of the message >>> size. >>> I'm sending my client's code, but I still think the problem is on the >>> server. >>> >> >> What error printing do you do? You should call ERR_print_errors_fp(stderr) >> or >> similar and see if it gives you any useful message (see FAQ). >> >> Steve. >> -- >> Dr Stephen N. Henson. OpenSSL project core developer. >> Commercial tech support now available see: http://www.openssl.org >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org >> > >
