Thanks Katie,

> And then we say "make certs" and it makes the certificates up to date.

I tried your makefile but it did not work for me (I did change the paths and fix the missing TABs) but it failed with the error. The rule for %.cert looks ok to me:

gmake: *** No rule to make target `sv.cert', needed by `certs'. Stop.

(I use GNU make 3.79).

> There's a slight asymmetry in that you have to faff with the
> PEER_mumble flags to get the client end to present a cert, and hand
> check if one arrived or not (the server end is handled by
> OpenSSL). ITSR it's something like you can set failure if a client
> cert arrived and wasn't valid, but not if it just didn't send one.

What are "PEER_mumble" flags? I can't find any reference to these.

> Once all that's happened, both ends are talking to each other, they're
> both authenticated, and then we get the certs from the
> connections using;
>
> SSL_get_peer_certificate
>
> And then read out verification data using
>
> X509_get_ext_d2i
>
> etc. All our extension data is just plain strings which we
> then hand off for more processing.

I have a look at the manual pages for these, thanks.

Regards,
Mark

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]