Can you provide the trace output files that Kyle asked for? Probably that can help us understand whats happening.
-Sandeep On Tue, Feb 2, 2010 at 9:58 AM, Felipe Franciosi <fel...@paradoxo.org>wrote: > Hi all, > > Thanks for all the feedback I received regarding this matter. > > I'm just sending one last message to close the issue: despite > BIO_do_handshake() succeeding, I couldn't retrieve the client certificate > with SSL_get_peer_certificate(). :-( > > What I did is remove the BIO layer from my software and use SSL directly > over unix sockets. Now it works like a charm. > > Cheers, > Felipe > > > On Mon, Feb 1, 2010 at 8:55 PM, Felipe Franciosi <fel...@paradoxo.org>wrote: > >> Dear Kyle, David and Dr.Henson, thanks for all your replies. >> >> I will have a look on the debug generated by s_client and probably post >> them here in a minute. >> >> In the meantime, let me appologise for not being specific about the error >> I am getting and provide you with more information: >> >> When the client doesn't have a certificate at all, BIO_do_handshake() >> fails, accusing this: >> 20070:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not >> return a certificate:s3_srvr.c:2455: >> >> (Which is the correct behaviour!!!!) >> >> When I use my client (with the proper CA signed certificates), >> BIO_do_handshake() actually succeeds. The error I get is that >> SSL_get_peer_certificate() actually returns NULL (when I believe it should >> return my client's certificate instead). >> >> My best regards, >> Felipe >> >> >> On 1 Feb 2010, at 19:08, Dr. Stephen Henson wrote: >> >> On Mon, Feb 01, 2010, Felipe Franciosi wrote: >>> >>> Dear Patrick, >>>> >>>> Thanks for the reply! >>>> >>>> I took the error checking out on purpose for the sake of the message >>>> size. >>>> I'm sending my client's code, but I still think the problem is on the >>>> server. >>>> >>> >>> What error printing do you do? You should call >>> ERR_print_errors_fp(stderr) or >>> similar and see if it gives you any useful message (see FAQ). >>> >>> Steve. >>> -- >>> Dr Stephen N. Henson. OpenSSL project core developer. >>> Commercial tech support now available see: http://www.openssl.org >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> User Support Mailing List openssl-users@openssl.org >>> Automated List Manager majord...@openssl.org >>> >> >> >
