Steve wrote:
>I feel like I've answered this one aleph null times but maybe it's
>just my imagination...
>When a server requests client auth it sends out a list of acceptable
>CAs. With s_server in OpenSSL this list is in the file passed in the
>-CAfile option; it should be a PEM encoded set of acceptable CA
>certificates.
I don't think it is right. There is *no* need to (or cannot just) send out
a list of acceptable CAs. When a server requests the client auth, it sends
a certificate_request to the client. When the server receives the cert
from the client, it verifies the cert using its CAs.
The logic is reversed when a client requests a server auth.
--Yunhong
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
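
Added example, not part of the original thread or OpenSSL's code: a minimal parser for the body of the certificate_request handshake message discussed above, following the TLS 1.2 layout in RFC 5246 section 7.4.4 (or the TLS 1.0 layout in RFC 2246 when `tls12=False`), to show where the certificate_authorities list sits on the wire. The function name and the sample bytes are constructed for illustration.

```python
import struct

# Constructed sample body: one certificate type (rsa_sign), one signature
# algorithm (sha256/rsa), and one CA name, the DER encoding of "CN=Test CA".
SAMPLE = bytes.fromhex(
    "0101" "00020401" "0016" "0014"
    "30123110300e0603550403" "0c0754657374204341"
)

def parse_certificate_request(body: bytes, tls12: bool = True) -> dict:
    """Parse a CertificateRequest body (handshake header already removed).

    Layout: certificate_types<1..2^8-1>,
    supported_signature_algorithms<2..2^16-2> (TLS 1.2 only),
    certificate_authorities<0..2^16-1> of DistinguishedName<1..2^16-1>.
    """
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated CertificateRequest")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    cert_types = list(take(take(1)[0]))
    sig_algs = []
    if tls12:
        raw = take(struct.unpack("!H", take(2))[0])
        if len(raw) % 2:
            raise ValueError("odd supported_signature_algorithms length")
        sig_algs = [(raw[i], raw[i + 1]) for i in range(0, len(raw), 2)]
    ca_block_len = struct.unpack("!H", take(2))[0]
    end = pos + ca_block_len
    if end != len(body):
        raise ValueError("certificate_authorities length mismatch")
    ca_names = []
    while pos < end:
        dn_len = struct.unpack("!H", take(2))[0]
        if dn_len == 0 or pos + dn_len > end:
            raise ValueError("bad DistinguishedName length")
        ca_names.append(take(dn_len))  # DER-encoded X.501 Name
    return {"cert_types": cert_types, "sig_algs": sig_algs, "ca_names": ca_names}

if __name__ == "__main__":
    print(parse_certificate_request(SAMPLE))
```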