Re: [openssl-users] Has client validated successfully?

On 2/20/2018 9:34 AM, J Decker wrote: > Client does a verification and passes or fails, and via the SSL layer > I can query if the client validated the certificate. > If it failed, provide a option for the client to get a renewed > certificate for verification.  If success, no action. > If an

Re: [openssl-users] Has client validated successfully?

No, you cannot query the SSL layer to know if the client validated the certificate. SSL/TLS don't provide any means of querying the remote side. Here's how the workflow works: 1) client doesn't trust certificate, doesn't override distrust: connection closes with fatal unknown_ca or

Re: [openssl-users] Has client validated successfully?

On 02/20/2018 06:34 PM, J Decker wrote: > Yes that is true however here's the scenario. > Client does a verification and passes or fails, and via the SSL layer I can > query if the client validated the certificate. > If it failed, provide a option for the client to get a

Re: [openssl-users] Has client validated successfully?

On Tue, Feb 13, 2018 at 9:33 AM, Emmanuel Deloget wrote: > Hello, > > On Tue, Feb 13, 2018 at 7:14 AM, Kyle Hamilton wrote: > > > The only thing that the server can know is whether the client has > > terminated the connection with a fatal alert. If the

Re: [openssl-users] Has client validated successfully?

The only thing that the server can know is whether the client has terminated the connection with a fatal alert. If the client validates presented cert chains, then its continuation with the connection means that it passed validation. If the client does not, or ignores any given error, then it

[openssl-users] Has client validated successfully?

Is there a way for a server to know if the client verified the cert chain successfully or not? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users