The ssltest -client_auth fails to verify certificates sent by the
client. I have not looked into the problem for this test but came across
it when testing the following setup:

        server with server.pem
        client with client.pem
        CA cert.pem

with both server.pem and client.pem being signed by the same CA. This is
probably the most simplistic setup I can imagine for 2 way
authentication and I have used it with several other SSL implementations
and it works. But then I don't like the other SSL implementations, so I
went ahead and did what I could with openssl.

As I could verify that the client's certificate was being received, and
I knew the client had no trouble verifying the server correctly, I made
the following quick hack:

diff ssl_cert.orig.c ssl_cert.c
457,458c457,458
<       if(s->server) i = X509_PURPOSE_SSL_CLIENT;
<       else i = X509_PURPOSE_SSL_SERVER;
---
>       /*if(s->server) i = X509_PURPOSE_SSL_CLIENT;
>       else*/ i = X509_PURPOSE_SSL_SERVER;
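
Review bot: at lines 457-458 the server branch is commented out, so a server now verifies the peer's certificate against X509_PURPOSE_SSL_SERVER and the X509_PURPOSE_SSL_CLIENT check is never applied. That means a certificate issued for server use would pass client authentication, which removes the purpose separation between the two roles. Keep `if(s->server) i = X509_PURPOSE_SSL_CLIENT;` and instead compare client.pem against what the client purpose check requires (key usage, extended key usage and Netscape cert type extensions are the usual inputs to a purpose check), since server.pem passing and client.pem failing under the same CA points at the certificate's extensions or at the client-purpose check itself. As a style point, the half-commented `/*if ... else*/` form leaves dead code split across two lines; if the branch were really to go, delete it outright.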

Now that both sides were treated equally, this particular setup works,
and I am happy ;)
However, I have no idea of the implications of what I have done, and can
in no way recommend that anyone else does the same. Also, ssltest
-client_auth still doesn't work.

Anyway, it would seem that when X509_PURPOSE_SSL_CLIENT is in effect the
cert verification process is not quite what it should be. It would be
greatly appreciated if this could be resolved properly, if this has not
been done already.

Please advise if I am sending this to the wrong mailing list.

Regards,

Dgym Bailey
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
