> From: owner-openssl-...@openssl.org On Behalf Of Dmitry Belyavsky via RT
> Sent: Wednesday, April 23, 2014 12:29
> Cc: openssl-dev@openssl.org
> Subject: [openssl.org #3325] Problem with client certification authorization
>
> I've got a problem testing s_client/s_server authorization.
<snip>
> I expect that server will refuse connection because of invalid client cert
> and required client certificate.
>
> I see the following error in stderr of the server:
<snip>
> verify error:num=7:certificate signature failure
<snip>
> but the server does not close the connection.
> What's wrong with my test?
>

Your expectations. Both s_client and s_server were designed as test/debug tools.
They set the certverify callback to display results but continue the connection,
not abort, in order to allow catching any other problems. s_client does not abort
if the server cert is invalid and s_server does not abort if the client cert is invalid.
Although, if you 'require' client with -Verify uppercase on s_server and the client
sends *no* cert it does abort.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org