Hello all, I built an SSL server with client authentication (I use OpenSSL 0.9.8d). I wanted to know why I get the error "no certificate returned" when the client certificate is revoked, and not a more explicit one.
I decided to compile the OpenSSL code to check where my problem is. In s3_srvr.c, I found the code executed:

    i=ssl_verify_cert_chain(s,sk);
    if (!i)
        {
        al=ssl_verify_alarm_type(s->verify_result);
        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
        goto f_err;
        }

and the ssl_verify_cert_chain function performs a lot of checks, including the peer CRL check (I have seen it with printf...).

Is there a way to get a more appropriate stack error like SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED, which is a variable not used now? Or shall I wait for a new version of OpenSSL?

Thank you for your response,
Jf
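
OpenSSL hands the chain verification result to the application as an X509_V_ERR_* code: a verify callback installed with SSL_CTX_set_verify() can read it with X509_STORE_CTX_get_error(), and SSL_get_verify_result() returns it for a connection. The following is an added example, not code from the post or from OpenSSL, that turns such a code and its error depth into a specific log line. The function name, the triage categories and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Numeric values as defined in OpenSSL's <openssl/x509_vfy.h>, repeated
 * here so the example builds without the OpenSSL headers. */
#define V_OK                     0L
#define V_ERR_UNABLE_TO_GET_CRL  3L
#define V_ERR_CERT_NOT_YET_VALID 9L
#define V_ERR_CERT_HAS_EXPIRED   10L
#define V_ERR_CRL_HAS_EXPIRED    12L
#define V_ERR_CERT_REVOKED       23L

/* Hypothetical triage categories: who has to act on the failure. */
enum owner { OWNER_NONE, OWNER_PEER_CERT, OWNER_ISSUING_CA, OWNER_SERVER_CRL, OWNER_OTHER };

/* Turn a verify result and error depth into one log line; returns the owner.
 * Depth 0 is the client's own certificate, depth > 0 a CA above it. */
enum owner triage_verify_result(long err, int depth, char *out, size_t n)
{
    enum owner who = depth == 0 ? OWNER_PEER_CERT : OWNER_ISSUING_CA;
    const char *why;

    switch (err) {
    case V_OK:                     why = "verified"; who = OWNER_NONE; break;
    case V_ERR_CERT_REVOKED:       why = "certificate revoked"; break;
    case V_ERR_CERT_HAS_EXPIRED:   why = "certificate expired"; break;
    case V_ERR_CERT_NOT_YET_VALID: why = "certificate not yet valid"; break;
    /* These two are not the client's fault: the server's CRL is missing or stale. */
    case V_ERR_UNABLE_TO_GET_CRL:  why = "no CRL available"; who = OWNER_SERVER_CRL; break;
    case V_ERR_CRL_HAS_EXPIRED:    why = "CRL expired"; who = OWNER_SERVER_CRL; break;
    default:                       why = "other verification failure"; who = OWNER_OTHER; break;
    }
    snprintf(out, n, "client-cert verify: code=%ld depth=%d: %s", err, depth, why);
    return who;
}

int main(void)
{
    /* Constructed sample inputs: (verify result, error depth). */
    long samples[][2] = { {23, 0}, {23, 1}, {12, 0}, {0, 0} };
    char line[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum owner who = triage_verify_result(samples[i][0], (int)samples[i][1], line, sizeof line);
        printf("%s (owner=%d)\n", line, (int)who);
    }
    return 0;
}
```

Separating the server-side CRL cases matters operationally: with CRL checking enabled, a missing or expired CRL also fails the handshake, and the generic queue entry alone cannot distinguish that from a revoked client certificate.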