So this is some minor debugging I did to get to this problem. Modified the following methods to add two printf lines:

ssl_lib.c:

    X509 *SSL_get_peer_certificate(const SSL *s)
    {
        X509 *r;

        if ((s == NULL) || (s->session == NULL)) {
            printf("SSL_get_peer_certificate: s or session was null. returning null x509\n");
            r=NULL;
        } else {
            printf("SSL_get_peer_certificate: returning session->peer: %p\n", s->session->peer);
            r=s->session->peer;
        }
        ...

d1-srvr.c:

    int dtls1_accept(SSL *s)
    {
        ...
        case SSL3_ST_SW_CERT_REQ_A:
        case SSL3_ST_SW_CERT_REQ_B:
            if (/* don't request cert unless asked for it: */
                ...
            else {
                s->s3->tmp.cert_request=1;
                dtls1_start_timer(s);
                ret=dtls1_send_certificate_request(s);
                printf("ssl_accept: sent cert request; rc=%d\n", ret);
                ...

Recompiled and re-linked. When a call comes from the client I see the following two lines:

    ssl_accept: sent cert request; rc=1
    ...
    SSL_get_peer_certificate: returning session->peer: (nil)

The same client and the same server, moments later, have the following printouts:

    ...
    ssl_accept: sent cert request; rc=1
    ...
    SSL_get_peer_certificate: returning session->peer: 0xd74258

I cannot be 100% sure what changes on the client or on the server in between. But the low-level client socket and ssl connections are exactly the same in both scenarios. Also both use OpenSSL 1.0a

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org