Snuggles wrote:
> Hi,

Hello Snuggles,

> I'm writing my own webserver and I want it to be able to do SSL based client
> authentication. It can already do HTTPS, but when I try to do the SSL based
> client authentication, the connection gets dropped. I use the following
> routine to bind a SSL socket.
>
> SSL_CTX *ssl_binding(char *keyfile, char *CA_cert, int verify_depth, char
> *dh_file, char *ciphers) {
[...]
> if (CA_cert != NULL) {
> SSL_CTX_load_verify_locations(context, CA_cert, NULL);

You have to do a
SSL_CTX_set_client_CA_list(context, SSL_load_client_CA_file(CA_cert));

> SSL_CTX_set_verify_depth(context, verify_depth);
> SSL_CTX_set_verify(context, SSL_VERIFY_PEER |
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
[...]
> I hope anyone can tell what I am doing wrong or point me to some good
> documentation. Thanks!

see man page of SSL_CTX_set_client_CA_list()

Bye

Goetz

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]