Hi,
 
I have a server with OpenSSL 0.9.6.
When someone makes a connection to it, I'd like it to request a client certificate.
 
I am using the function SSL_get_peer_certificate( ) once the handshake is finished, after the call to SSL_accept( ). Every time I get "client does not have a certificate". The browser does not ask me which certificate I want to use. I thought the problem was with my client certificate but I've tried Oliver Bode's link and it did ask me for my certificate. The certificate is signed with a CA certificate which I created with openssl.
 
Which function(s) should I use?
 
Thanks,
 
Alan
 
PS. I'm still having another problem; if you have any leads I'd appreciate it. It was posted with the subject outofmemoryerror:
 
 
I'm trying to make a TLS connection from a Java client on Windows 2000 to an OpenSSL server, 0.9.6, on Solaris 2.7. This server has a certificate made with OpenSSL and signed with a self-signed CA certificate made with OpenSSL. The jar is compiled using Java 1.3 and JSSE 1.02, global version.
 
The jar tries to connect to the server and then asks it for its certificate.
After the handshake (SSL_accept), the server does an SSL_read waiting for the client's request, and that gives me a -1, but I don't know where it comes from.
 
Using the Java debug, at the end of the handshake I get:
 
*** Finished, v3.1
verify_data:  { 46, 237, 113, 20, 73, 156, 219, 100, 203, 43, 173, 197 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
[read] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C 2E ED 71 14   49 9C DB 64 CB 2B AD C5  ......q.I..d.+..
 
Exception in thread "main" java.lang.OutOfMemoryError
        <<no stack trace available>>
 
 
If I try the same connecting to https://www.thawte.com I get:
*** Finished, v3.1
verify_data:  { 176, 29, 83, 49, 216, 237, 92, 84, 237, 88, 22, 92 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
[read] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C B0 1D 53 31   D8 ED 5C 54 ED 58 16 5C  ......S1..\T.X.\
xxx getSigAlgName() (MD5withRSA)
xxx getSigAlgOID()  (1.2.840.113549.1.1.4)
xxx getIssuerDN().getName() ([EMAIL PROTECTED], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA)
 
I get the same error if, instead of asking for the certificate, I ask for an HTML page, or stop after the handshake.
 
I've searched through the OpenSSL and Java mailing lists without any success.
 
 
 
