Very Very Usefull
Thanks.
My client is working. Now I'm starting to develop server!
Vincenzo
Bernhard Froehlich ha scritto:
Vincenzo Sciarra wrote:
I want to verify that a client certificate is issued by an acceptable
CA.
Thanks
You'd do it the same way as verifying that the server's CA is
acceptable. Would be something like
* Setting a CA-file or a CA directory containing the acceptable CAs
into the context with SSL_CTX_load_verify_locations
* Setting mode ***SSL_VERIFY_PEER* with SSL_CTX_set_verify
* Possibly also set a callback with SSL_CTX_set_verify or use
SSL_get_peer_certificate to check for extensions (for example to
do OCSP or CRL checking)
Hope it helps.
Ted
;)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
