Lutz,
Thanks for your response. If I understand this correctly, the certificate
is stored in the session table so that the application can retrieve it
in the resumed connections (in case it needs it), but from the SSL
protocol point of view the client certificate is not used anywhere
other than establishing the new session.
Thanks,
Nagaraj
>
> On Mon, Jan 22, 2001 at 09:11:04AM -0800, Nagaraj Bagepalli wrote:
> > The peer certificate is stored in the SSL_SESSION structure. Is the peer
> > certificate required anywhere during the short handshake negotiation phase
> > (resumed connections)? I was under the impression that certificates
> > are used only during the new session creation and that for the resumed
> > connections the master secret along with the randoms are sufficient for
> > generating the keys. Can someone please explain why certificates
> > are being stored in the session table?
>
> The peer certificate is stored inside the session table so that you
> can call
>     SSL_accept(ssl);
>     SSL_get_peer_certificate(ssl);
> and get the certificate of the peer for the session actually being used.
> Depending on the peer's certificate (identity) different levels of
> permission might be granted.
>
> Best regards,
> Lutz
> PS. Don't forget to call
> SSL_get_verify_result(ssl) ...
> to check whether the certificate passed verification...
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>