On Sat, Feb 27, 2016, Jeffrey Walton wrote:
> This came up recently on Stack Overflow. The server code specified
> SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, but failed to call
> SSL_CTX_set_client_CA_list. The connection did not fail as expected.
>
> Looking at the man page for
Hi Jeff,
The test I just ran was done with NO custom callback:
SSL_CTX_set_verify( pCtx, AUTH_REQUIRE, NULL );
with AUTH_REQUIRE defined as ( SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT )
-Original Message-
From: Jeffrey Walton [mailto:noloa...@gmail.com]
Sent: Saturday 27
> I have a server code whose context is configured with SSL_VERIFY_PEER |
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT and which does not call
> SSL_CTX_set_client_CA_list().
> In this case, handshake is failing as expected when clients didn't send a
> certificate.
Thanks Michel.
Does your server use the
Really?
As your post alarmed me, I tried my test programs again and didn't notice
anything wrong.
I have a server code whose context is configured with SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT and which does not call
SSL_CTX_set_client_CA_list().
In this case, handshake is failing as
This came up recently on Stack Overflow. The server code specified
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, but failed to call
SSL_CTX_set_client_CA_list. The connection did not fail as expected.
Looking at the man page for SSL_CTX_set_verify [1] and
SSL_CTX_set_client_CA_list [2] it