SSL_VERIFY_PEER with SSL_VERIFY_CLIENT_ONCE


Cesc Santa
Hi,

I am trying to build an application server which requests a client
certificate but, if one is not provided, does not fail and just
generates a warning.

To request the client cert, I set SSL_VERIFY_PEER.
To make it not fail if the client does not provide a cert, I use
SSL_VERIFY_CLIENT_ONCE (xored with the previous, of course). Is it
correct?

Can I do it just with these flags, or is it better to implement the
verify_callback function to do this?

Another question ... where can I find a good verify_callback function?
The one in s_server.c does the verify_depth checking thing, which I
don't quite understand.

Regards,

C.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]