I should have looked at the code again before I mouthed off.

Of course, serv will always print the message "Client does not have certificate" because none of the setup for requesting a client cert has been done. The whole chunk of code between the /* Get client's certificate... */ comment and the one that starts /* DATA EXCHANGE... */ is a do-nothing. This should be cleaned up.

This question comes up often enough that there maybe should be another demo client/server pair that can do client authentication.

> -----Original Message-----
> From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 16, 2000 5:01 AM
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: Re: demos/ssl/serv.cpp
>
>
> On Thu, Mar 16, 2000 at 11:19:16AM +0200, [EMAIL PROTECTED] wrote:
> > On Wed, 15 Mar 2000, Wade L. Scholine wrote:
> > > From: Wade L. Scholine <[EMAIL PROTECTED]>
> > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> > > Subject: RE: demos/ssl/serv.cpp
> > I know that the demos are intended to be minimal SSL programs. There is
> > just a part of them that I cannot get to work. The line:
> >
> > client_cert = SSL_get_certificate( ssl );
> >
> > in serv.cpp always fails. I want to know how I can make that one line
> > work?
>
> Again, Wade already gave you the necessary answer. The client will only
> send the certificate to the server, _if_ explicitly asked to do so
> during handshake. The default is to not ask for a client certificate.
> On the server you must change the behaviour with the
> SSL_[CTX_]set_verify() call and the SSL_VERIFY_PEER etc. options.
> Please check apps/s_server.c as an example on how the call is used and
> grep for s_server_verify to see the setting of the options.
>
> Only then can you later access the client certificate. Or to say it the
> other way round, without setting the verify option, this example should
> never have shown a client certificate to anybody.
>
> Regards,
>     Lutz
> --
> Lutz Jaenicke                             [EMAIL PROTECTED]
> BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
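The behaviour discussed in this thread, as an added example that is not part of the original messages or of the OpenSSL demos: Python's ssl module (a binding to OpenSSL) runs the same in-memory handshake twice, once with the server's default verify mode and once with the client certificate requested. The function names are hypothetical, the certificate is a constructed throwaway, and the openssl command-line tool is assumed to be on PATH.

```python
import os
import ssl
import subprocess
import tempfile


def _throwaway_cert(dirpath):
    # Constructed test credential: self-signed cert for "localhost", valid one day.
    # Assumes the openssl command-line tool is on PATH.
    key = os.path.join(dirpath, "key.pem")
    crt = os.path.join(dirpath, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
         "-keyout", key, "-out", crt, "-days", "1", "-subj", "/CN=localhost",
         "-addext", "subjectAltName=DNS:localhost"],
        check=True, capture_output=True)
    return key, crt


def client_cert_seen_by_server(request_client_cert):
    """Handshake in memory; return the client cert (DER) the server got, or None."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = _throwaway_cert(d)
        sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        sctx.load_cert_chain(crt, key)
        sctx.load_verify_locations(crt)   # trust anchor for the client cert
        # CERT_NONE is the default: no CertificateRequest is sent.
        # CERT_REQUIRED is SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
        sctx.verify_mode = ssl.CERT_REQUIRED if request_client_cert else ssl.CERT_NONE
        cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        cctx.load_verify_locations(crt)
        cctx.load_cert_chain(crt, key)    # the client always has a cert available
    to_server, to_client = ssl.MemoryBIO(), ssl.MemoryBIO()
    server = sctx.wrap_bio(to_server, to_client, server_side=True)
    client = cctx.wrap_bio(to_client, to_server, server_hostname="localhost")
    pending = [client, server]
    while pending:
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass                      # needs the peer's next flight first
    return server.getpeercert(binary_form=True)


if __name__ == "__main__":
    print("verify_mode default:", client_cert_seen_by_server(False))
    print("client cert requested:", len(client_cert_seen_by_server(True)), "DER bytes")
```

In both runs the client has a certificate loaded; only the server's verify mode decides whether it is ever sent.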
