Re: client continues after server fails
I am "oring" these two constants together in my call to SSL_CTX_set_verify(). It still doesn't prevent the client from continuing. Do you have any other suggestions?

Thanks,
George

George,

On the server side, in your call to SSL_CTX_set_verify(), you have two choices if you want to enable client authentication:

1) SSL_VERIFY_PEER, and
2) SSL_VERIFY_FAIL_IF_NO_PEER_CERT.

The first politely asks the client if it will please authenticate, but the handshake will succeed even if the client doesn't authenticate. With the second option, the client must authenticate or the handshake fails. Are you perhaps using option #1?

Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]

----- Original Message -----
From: "George Lind" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 24, 2001 11:44 AM
Subject: client continues after server fails

> My server is doing client authentication. My client is also using verify
> peer. When the client attempts to connect it gets a certificate from the
> server and continues on. The server is not receiving a certificate from the
> client so it is failing. The client attempts to write to the server but the
> SSL_write fails because the server has failed. How can I stop the client
> before attempting to write to the server? Shouldn't the client fail on its
> connect if the handshake is not successful on both ends?
>
> Thanks,
> George

__
OpenSSL Project <http://www.openssl.org>
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: client continues after server fails
George,

On the server side, in your call to SSL_CTX_set_verify(), you have two choices if you want to enable client authentication:

1) SSL_VERIFY_PEER, and
2) SSL_VERIFY_FAIL_IF_NO_PEER_CERT.

The first politely asks the client if it will please authenticate, but the handshake will succeed even if the client doesn't authenticate. With the second option, the client must authenticate or the handshake fails. Are you perhaps using option #1?

Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]

----- Original Message -----
From: "George Lind" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 24, 2001 11:44 AM
Subject: client continues after server fails

> My server is doing client authentication. My client is also using verify
> peer. When the client attempts to connect it gets a certificate from the
> server and continues on. The server is not receiving a certificate from the
> client so it is failing. The client attempts to write to the server but the
> SSL_write fails because the server has failed. How can I stop the client
> before attempting to write to the server? Shouldn't the client fail on its
> connect if the handshake is not successful on both ends?
>
> Thanks,
> George
client continues after server fails
My server is doing client authentication. My client is also using verify peer. When the client attempts to connect it gets a certificate from the server and continues on. The server is not receiving a certificate from the client so it is failing. The client attempts to write to the server but the SSL_write fails because the server has failed. How can I stop the client before attempting to write to the server? Shouldn't the client fail on its connect if the handshake is not successful on both ends?

Thanks,
George