Hi all,
I've been trying to write a server application that, for some resources,
requests a client certificate from the user.
I call SSL_CTX_load_verify_locations and SSL_CTX_set_client_CA_list before
starting to listen on the socket, then analyze the requests, and for some
requests I call SSL_set_verify with a callback function (with mode
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE).
I then call SSL_renegotiate to actually request the certificate.
I see that the connection is indeed renegotiated and that a client
certificate is requested by the server. I also see that the server receives
the client certificate (both through step debugging and through the info
callback), but my callback function is never called.
Had I used SSL_CTX_set_verify with a callback function before starting
the connection, the callback function would have been called.
Does this sound familiar to anyone? Is there a way to renegotiate a
connection for client certificates and get a callback on a per connection
basis (as opposed to a per context basis)?
I tested this with both OpenSSL 0.9.5a and 0.9.6b and it seems to be the
same in both cases.
Thanks in advance for your time and help,
Ori Yosefi.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]