Has client validated successfully?


Has client validated successfully?

d3x0r
Is there a way for a server to know if the client verified the cert chain successfully or not?  

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Has client validated successfully?

Kyle Hamilton
The only thing that the server can know is whether the client has
terminated the connection with a fatal alert.  If the client validates
presented cert chains, then its continuation with the connection means
that it passed validation.  If the client does not, or ignores any
given error, then it doesn't mean that it passed validation.

In other words, you can only know if the client's applied policy
allows the connection to continue.  You cannot know if the policy that
was applied was specifically related to the certificate chain
presented.

-Kyle H

On Mon, Feb 12, 2018 at 10:06 PM, J Decker <[hidden email]> wrote:
> Is there a way for a server to know if the client verified the cert chain
> successfully or not?
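
As an added illustration of the reply above (not code from the thread or from OpenSSL), here is a small C classifier for the one signal the server receives, the client's alert. The function and enum names are hypothetical, the alert numbers are those defined in the TLS RFCs, and the packed `(level << 8) | description` value is the form OpenSSL passes to an info callback on `SSL_CB_READ_ALERT`. `SIG_NO_ALERT` means only that the client's policy let the connection continue, not that the chain was checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What the server can conclude from the client's side (names are hypothetical). */
enum client_signal {
    SIG_NO_ALERT,      /* nothing parsed: the client's policy let the connection go on */
    SIG_CLOSE,         /* close_notify: orderly shutdown, says nothing about the chain */
    SIG_CERT_REJECTED, /* fatal alert whose description names a certificate problem */
    SIG_OTHER_ALERT    /* any other alert */
};

/* Parse one plaintext TLS alert record: type(1)=21, version(2), length(2)=2,
 * level(1), description(1). Returns (level << 8) | description, or -1 when
 * the buffer is not such a record. */
int parse_alert_record(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 7) return -1;
    if (buf[0] != 21 || buf[1] != 3) return -1;   /* ContentType alert, TLS major version */
    if (((buf[3] << 8) | buf[4]) != 2) return -1; /* an unencrypted alert body is 2 bytes */
    return (buf[5] << 8) | buf[6];
}

enum client_signal classify_alert(int alert)
{
    if (alert < 0) return SIG_NO_ALERT;
    int level = (alert >> 8) & 0xff, desc = alert & 0xff;
    if (desc == 0) return SIG_CLOSE;              /* close_notify */
    if (level == 2) {                             /* fatal */
        switch (desc) {
        case 42: case 43: case 44: case 45: case 46: /* bad/unsupported/revoked/expired/unknown cert */
        case 48:                                     /* unknown_ca */
            return SIG_CERT_REJECTED;
        }
    }
    return SIG_OTHER_ALERT;
}

/* Constructed sample: a fatal unknown_ca alert in a TLS 1.2 record. */
static const uint8_t sample_unknown_ca[] = { 21, 3, 3, 0, 2, 2, 48 };

int main(void)
{
    int a = parse_alert_record(sample_unknown_ca, sizeof sample_unknown_ca);
    printf("alert=0x%04x signal=%d\n", (unsigned)a, classify_alert(a));
    return 0;
}
```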