Snuggles wrote:
> Hi,
Hello Snuggles,

> I'm writing my own webserver and I want it to be able to do SSL based client
> authentication. It can already do HTTPS, but when I try to do the SSL based
> client authentication, the connection gets dropped. I use the following
> routine to bind an SSL socket.
> 
> SSL_CTX *ssl_binding(char *keyfile, char *CA_cert, int verify_depth, char
> *dh_file, char *ciphers) {
[...]
>     if (CA_cert != NULL) {
>         SSL_CTX_load_verify_locations(context, CA_cert, NULL);
You have to do a
           SSL_CTX_set_client_CA_list(context,
                                      SSL_load_client_CA_file(CA_cert));
>         SSL_CTX_set_verify_depth(context, verify_depth);
>         SSL_CTX_set_verify(context, SSL_VERIFY_PEER |
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
[...]

> I hope someone can tell me what I am doing wrong or point me to some good
> documentation. Thanks!

See the man page of SSL_CTX_set_client_CA_list().

Bye

Goetz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]