Re: client authentication (SSL_CTX_set_verify)

1999-11-17 Thread Pinca George
- Original Message - From: Bodo Moeller <[EMAIL PROTECTED]> To: Claus Assmann <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, November 17, 1999 9:37 AM Subject: Re: client authentication (SSL_CTX_set_verify) > On Tue, Nov 16, 1999 at 08:08:21PM -0800

Re: client authentication (SSL_CTX_set_verify)

1999-11-17 Thread Bodo Moeller
On Tue, Nov 16, 1999 at 08:08:21PM -0800, Claus Assmann wrote: > Thanks for the notification. A related question: > If the callback always returns 1, does > SSL_get_verify_result() > nevertheless return the correct value? > i.e., X509_V_OK iff the certificate could be verified? Yes, if the appli

Re: client authentication (SSL_CTX_set_verify)

1999-11-16 Thread Claus Assmann
On Tue, Nov 16, 1999, Bodo Moeller wrote: > On Sun, Aug 08, 1999 at 03:05:26PM +, Bodo Moeller wrote: > > Claus Assmann <[EMAIL PROTECTED]>: > >> how do I correctly set the verify_mode? Reading the code, > >> SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_PEER seem to be useful for > >> my purpose (tr

Re: client authentication (SSL_CTX_set_verify)

1999-11-16 Thread Bodo Moeller
On Sun, Aug 08, 1999 at 03:05:26PM +, Bodo Moeller wrote: > Claus Assmann <[EMAIL PROTECTED]>: [...] >> how do I correctly set the verify_mode? Reading the code, >> SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_PEER seem to be useful for >> my purpose (try to verify the client, but don't fail). [...]

Re: client authentication (SSL_CTX_set_verify)

1999-08-09 Thread Bodo Moeller
On Sun, Aug 08, 1999 at 06:24:04PM -0700, Claus Assmann wrote: > I use some slightly different code > than your example which worked for my tests: > > init: > SSL_CTX_set_verify(ctx, SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER, verify_cb); > > static int verify_cb(int

Re: client authentication (SSL_CTX_set_verify)

1999-08-08 Thread Claus Assmann
On Sun, Aug 08, 1999, Bodo Moeller wrote: > Claus Assmann <[EMAIL PROTECTED]>: > >>> Question: is there some simple way to find out whether the client > >>> has been authenticated? I registered a callback with SSL_CTX_set_verify, > >>> but I don't completely understand it... Thanks again for you

Re: client authentication (SSL_CTX_set_verify)

1999-08-08 Thread Bodo Moeller
Bodo Moeller <[EMAIL PROTECTED]>: [...] > SSL_CTX_set_cert_verify_callback takes two arguments, the second of > which is never used. Obviously the idea was the second one would be > passed to the callback -- this will likely be done so in OpenSSL > 0.9.5. All your callback has to do is call X50

Re: client authentication (SSL_CTX_set_verify)

1999-08-08 Thread Bodo Moeller
Claus Assmann <[EMAIL PROTECTED]>: >>> Question: is there some simple way to find out whether the client >>> has been authenticated? I registered a callback with SSL_CTX_set_verify, >>> but I don't completely understand it... >> Do you have to use a callback? You can use SSL_get_verify_result >

Re: client authentication (SSL_CTX_set_verify)

1999-08-06 Thread Bodo Moeller
On Thu, Aug 05, 1999 at 01:28:56PM -0700, Claus Assmann wrote: > Question: is there some simple way to find out whether the client > has been authenticated? I registered a callback with SSL_CTX_set_verify, > but I don't completely understand it... Do you have to use a callback? You can use SSL_

client authentication (SSL_CTX_set_verify)

1999-08-05 Thread Claus Assmann
Question: is there some simple way to find out whether the client has been authenticated? I registered a callback with SSL_CTX_set_verify, but I don't completely understand it... I need this information in my application which makes certain decisions based on it (e.g. allow different operations).