On Fri, Jan 20, 2006, Lusiana Lusiana wrote: > > I tried to test this using OpenSSL s_client connecting to a web server > whose certificate is self-signed. I didn't import server certificate > to the client in prior to testing this. > Therefore, I expected the session establishment would fail as client > had no trusted certificate to verify the server certificate. > However, the s_client seemed to successfully established session to the > server. > > What am I missing here? > Doesn't client need server's self-signed certificate to validate the > transmitted certificate? > Or is there a setting that allows accepting of self-signed certificate? >
The s_client utility is a test utility which will continue with a connection after a certificate chain verification failure. A normal client would exit under those circumstances. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
