On Wed, Dec 29, 1999 at 10:37:24AM -0500, Jeffrey Altman wrote:

>> Probably ADH ciphers should be automatically excluded if
>> SSL_VERIFY_PEER is set. SSL_VERIFY_PEER usually means that the
>> application *wants* the handshake to fail unless the peer can be
>> authenticated; they should never set SSL_VERIFY_PEER if they
>> want anonymous ciphers.

> Not true. SSL_VERIFY_PEER means that the application is requesting
> the peer to send a certificate (if possible). Only if
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT does a certificate become required.

Yes, you're right of course. Sorry for the confusion.

> Anonymous ciphers should be excluded if
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT is set but not if only SSL_VERIFY_PEER
> is set.

Yes.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
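
The rule the thread settles on, as an added example that is not code from the thread or from OpenSSL. It uses Python's ssl module, which on the server side sets SSL_VERIFY_PEER for CERT_OPTIONAL and SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT for CERT_REQUIRED; the function names and the "ALL" base cipher string are assumptions chosen for illustration.

```python
import ssl

# Server-side mapping used by Python's ssl module:
#   CERT_OPTIONAL -> SSL_VERIFY_PEER
#   CERT_REQUIRED -> SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT


def anonymous_suites(ctx):
    """Names of enabled suites with no authentication (Au=None), such as ADH."""
    return [c["name"] for c in ctx.get_ciphers()
            if "Au=None" in c["description"]]


def make_server_context(verify_mode, base_ciphers="ALL"):
    """Build a server context following the rule agreed in the thread.

    base_ciphers is a constructed value; "ALL" is used only so that the
    effect of the exclusion is visible in the resulting cipher list.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = verify_mode
    ciphers = base_ciphers
    if verify_mode == ssl.CERT_REQUIRED:
        # A peer certificate is mandatory, so a suite that carries no
        # certificates can never satisfy the policy: remove it for good.
        ciphers += ":!aNULL"
    # With CERT_OPTIONAL the certificate is only requested, so the
    # anonymous suites are left to the application's own cipher string.
    ctx.set_ciphers(ciphers)
    return ctx


def misconfigured(ctx):
    """True if a certificate is required but anonymous suites are still on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(anonymous_suites(ctx))


if __name__ == "__main__":
    for mode in (ssl.CERT_OPTIONAL, ssl.CERT_REQUIRED):
        ctx = make_server_context(mode)
        print(mode.name, "anonymous suites:", anonymous_suites(ctx))
```

`misconfigured()` can be run against an existing context as a configuration check; which anonymous suites appear for CERT_OPTIONAL depends on how the local OpenSSL was built.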