[Net-ssleay-devel] Callback set using SSL_set_verify() does not appear to work

Florian Ragwitz rafl at debian.org
Thu Jul 20 11:57:35 UTC 2006


Sorry for the late reply,

On Tue, Jun 27, 2006 at 08:46:39PM -0700, Andrew Pimlott wrote:
> The above bug appears in the Net::SSLeay documentation.  However, the
> explanation is rather mysterious, because it refers to see "ssl/ssl_lib.c
> line 1029" without saying which version of ssleay/openssl.  I wonder if
> someone can give me a clue.

I did some refactoring of the SSL_{,CTX_}set_verify code. Probably the
latest SVN version works for you.

> I have some SSL client code where my callback gets called for one
> server, but not for another that is configured very similarly, down to
> using the same server key/cert and cert chain.

Probably that's because the former implementation was limited to only
one callback per Perl instance, which is shared for all contexts. This is
fixed in SVN now.

> Actually, what is really frustrating is that SSL_verify_mode also
> seems to be ignored for the second server.  For both servers, I expect
> a "self signed certificate" error.  In fact, when I run openssl
> s_client (using the same client key/cert and CA certs), that's what I
> get.  But with Net::SSLeay, the connection is established without a
> complaint.  Any ideas?

Some code would help, if you haven't solved that problem already anyway.


-Flo

-- 
BOFH excuse #164:
root rot