mirror of
https://github.com/openssl/openssl.git
synced 2024-11-29 04:55:11 +08:00
Clarify request of client certificates. This is a FAQ.
parent
4f19a0672b
commit
197322455d
8
FAQ
@ -47,6 +47,7 @@ OpenSSL - Frequently Asked Questions
|
|||||||
* Why do I get errors about unknown algorithms?
|
* Why do I get errors about unknown algorithms?
|
||||||
* Why can't the OpenSSH configure script detect OpenSSL?
|
* Why can't the OpenSSH configure script detect OpenSSL?
|
||||||
* Can I use OpenSSL's SSL library with non-blocking I/O?
|
* Can I use OpenSSL's SSL library with non-blocking I/O?
|
||||||
|
* Why doesn't my server application receive a client certificate?
|
||||||
|
|
||||||
===============================================================================
|
===============================================================================
|
||||||
|
|
||||||
@ -519,5 +520,12 @@ requiring a bi-directional message exchange; both SSL_read() and
|
|||||||
SSL_write() will try to continue any pending handshake.
|
SSL_write() will try to continue any pending handshake.
|
||||||
|
|
||||||
|
|
||||||
|
* Why doesn't my server application receive a client certificate?
|
||||||
|
|
||||||
|
Due to the TLS protocol definition, a client will only send a certificate,
|
||||||
|
if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
|
||||||
|
SSL_CTX_set_verify() function to enable the use of client certificates.
|
||||||
|
|
||||||
|
|
||||||
===============================================================================
|
===============================================================================
|
||||||
|
|
||||||
|
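Review bot: The added answer line "if explicitely asked by the server" misspells "explicitly", and the sentence after it presents SSL_VERIFY_PEER as the whole story. With SSL_VERIFY_PEER alone a server requests a client certificate but still completes the handshake when the client sends none, so an application that must have one also needs SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Suggest adding one sentence saying so, plus a pointer to the SSL_CTX_set_verify(3) manual page, since this FAQ entry is where people debugging a missing certificate will land.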
@ -17,6 +17,12 @@ peer presented. If the peer did not present a certificate, NULL is returned.
|
|||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
|
Due to the protocol definition, a TLS/SSL server will always send a
|
||||||
|
certificate, if present. A client will only send a certificate when
|
||||||
|
explicitely requested to do so by the server (see
|
||||||
|
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
|
||||||
|
is used, no certificates are sent.
|
||||||
|
|
||||||
That a certificate is returned does not indicate information about the
|
That a certificate is returned does not indicate information about the
|
||||||
verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
|
verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
|
||||||
to check the verification state.
|
to check the verification state.
|
||||||
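Review bot: In the added NOTES paragraph, "a TLS/SSL server will always send a certificate, if present" is ambiguous: "always" and "if present" pull against each other, "present" could mean configured or merely available, and the paragraph's last sentence then makes anonymous ciphers an exception to "always". Suggest something like "a TLS/SSL server will send its certificate if one is configured, unless an anonymous cipher is used". The line "explicitely requested to do so by the server (see" has the same misspelling of "explicitly" as the FAQ text.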
@ -43,6 +49,7 @@ The return value points to the certificate presented by the peer.
|
|||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
|
L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
|
||||||
|
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
|
||||||
|
|
||||||
=cut
|
=cut
|
||||||
|