> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Thursday, 25 July, 2013 21:32

> > From: owner-openssl-us...@openssl.org On Behalf Of Marios Makassikis
> > Sent: Thursday, 25 July, 2013 11:56

Aargh. Sorry, I read this wrong:

> > In both cases, only the server validates the client cert. 
> > Additionally, I made
> > sure to use large key sizes (2048 bits) and SHA1 as the 
> > algorithm to use for
> > message digests as MD5 is broken.
> > 
> Are you sure? According to your successful (0.9.8) traces, 
> the server requests client-auth and the client sends it.
> Unless ppp (can be and) is configured to tell libssl 
> to do client-auth, but then supplies a callback that 
> ignores the validation (a la s_client) it is validating.
> 
People so often say "only validate server" that my eyes 
saw that even though you clearly wrote "validate client".
Ignore this and continue with the rest. Phooey.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
