Vincenzo Sciarra wrote:
You'd do it the same way as verifying that the server's CA is acceptable. Would be something likeI want to verify that a client certificate is issued by an acceptable CA. Thanks
* Setting a CA-file or a CA directory containing the acceptable CAs
into the context with SSL_CTX_load_verify_locations
* Setting mode ***SSL_VERIFY_PEER* with SSL_CTX_set_verify
* Possibly also set a callback with SSL_CTX_set_verify or use
SSL_get_peer_certificate to check for extensions (for example to
do OCSP or CRL checking)
Hope it helps.
Ted
;)
--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
