Re: Client Auth with S/MIME certificates - certificate purpose problem

Yaroslav Fri, 12 Feb 2010 05:36:19 -0800

I found a solution, it looks like a dirty hack and making a securityhole, but it works for our custom purposes. So I don't recommend to usethis way. Somehow it may be interested for somebody.

It's needed to patch openssl.
In 'openssl/ssl/ssl_cert.c' file, in 'ssl_verify_cert_chain' function
replace


X509_STORE_CTX_set_default(&ctx,
          s->server ? "ssl_client" : "ssl_server");

 by

X509_STORE_CTX_set_default(&ctx, "any");


Yaroslav
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majord...@modssl.org

Re: Client Auth with S/MIME certificates - certificate purpose problem

Reply via email to