On Mon, Jan 22, 2001 at 09:11:04AM -0800, Nagaraj Bagepalli wrote:
> Peer certificate is stored in the SSL_SESSION structure, is peer
> certificate required anywhere during short handshake negotiation phase
> (resumed connections)? I was under the impression that certificates
> are used only during the new session creation and for the resumed
> connections master secret along with the randoms are sufficient for
> generating the keys, can someone please explain why certificates
> are being stored in session table?
The peer certificate is stored inside the session table so that you
can call
    SSL_accept(ssl);
    SSL_get_peer_certificate(ssl);
and get the certificate of the peer for the session actually being used.
Depending on the peer's certificate (identity) different levels of
permission might be granted.
Best regards,
Lutz
PS. Don't forget to call
    SSL_get_verify_result(ssl) ...
to check whether the certificate passed verification...
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]