[jaenicke - Wed Jan 15 12:28:24 2003]: > [[EMAIL PROTECTED] - Fri Jan 3 08:21:38 2003]: > > > When a non-blocking SSL_accept() returns -1 with SSL_ERROR_WANT_READ > > or > > SSL_ERROR_WANT_WRITE set, the appropriate thing to do is to call > > SSL_accept() again.
> I have analyzed your request. For me it seems, that s3_srvr.c already > contains all the code necessary: the certificate is verified only once > by ssl3_get_client_certificate() which is handled by its own state. > It calls ssl_verify_cert_chain(), which performs the verification of > the complete chain in one operation without being influenced by a > blocking or non-blocking setup. > I am using a non-blocking setup myself in Postfix/TLS and did not > observe the verify_callback() being called twice for the same purpose. According to my research, the behaviour matches the documentation and the verify_callback() is not called more often than necessary. As no new information came in with respect to this issue, I suppose that the problem was a misunderstanding of the expected behaviour. -> Ticket resolved. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]