Greetings, If the verification of the server certificate chain fails, the client can choose how to react (s->verify_mode = SSL_VERIFY_NONE or SSL_VERIFY_PEER). The server, however, always sends a fatal alert, if the verification of the client cert chain fails. Eric, is this on purpose or did you forget to check the flag in ssl3_get_client_certificate()? I also included in ssl3_get_client_certificate() a check whether the client cert is of the cert_type the server wanted. If you are interested, I can send you the code. I use a different library (SECUDE) for the crypto stuff, but the code should be easily translatable. Cheers, Patrick +-------------------------------------------------------------------------+ | Administrative requests should be sent to [EMAIL PROTECTED] | | List service provided by Open Software Associates, http://www.osa.com/ | +-------------------------------------------------------------------------+
