Closed gbicann closed 7 months ago
Have you tried it with SSL_verify_mode => SSL_VERIFY_PEER ?
... parameter is ignored if SSL_server is set
This is not true (just verified).
I am writing a server that needs to validate client certificates and this is not currently possible because of this.
Then the bug is probably in your server code or you have the wrong expectation of what SSL_verify_peer is supposed to do. Note that it is only called if there is an actual client certificate transferred. This can only be the case if a client certificate is actually requested - use SSL_VERIFY_PEER. And if it is not considered mandatory (SSL_VERIFY_FAIL_IF_NO_PEER_CERT) then the client can also send no certificate, in which case the verification callback does not get called either.
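The settings named in the reply above, as an added example that is not part of the original thread and is not the project's own code: an IO::Socket::SSL server that requests a client certificate, makes it mandatory, and logs each callback invocation. The PEM file names, listen address and port, and the CN allowlist are assumptions made for illustration.

```perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_* constants and $SSL_ERROR

# Assumptions for this example: PEM paths, listen address/port, CN allowlist.
my %allowed_cn = map { $_ => 1 } ('client1.example.test');

my $server = IO::Socket::SSL->new(
    LocalAddr     => '127.0.0.1',
    LocalPort     => 8443,
    Listen        => 10,
    ReuseAddr     => 1,
    SSL_server    => 1,
    SSL_cert_file => 'server-cert.pem',
    SSL_key_file  => 'server-key.pem',
    SSL_ca_file   => 'client-ca.pem',    # CA that issues client certificates
    # SSL_VERIFY_PEER makes the server request a client certificate.
    # Without SSL_VERIFY_FAIL_IF_NO_PEER_CERT a client may send none, and
    # then the callback below is never invoked for that connection.
    SSL_verify_mode => SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
    SSL_verify_callback => sub {
        my ($ok, $store, $certname, $error, $cert, $depth) = @_;
        warn "verify depth=$depth ok=$ok error=$error cert=$certname\n";
        return $ok;    # keep OpenSSL's verdict; return 0 to reject
    },
) or die "listen failed: $! $SSL_ERROR";

while (1) {
    my $client = $server->accept;
    if (!$client) {
        # Handshake failed, e.g. no client certificate or an untrusted one.
        warn "handshake rejected: $SSL_ERROR\n";
        next;
    }
    # Application-level policy on top of chain validation (hypothetical).
    my $cn = $client->peer_certificate('cn') // '';
    if ($allowed_cn{$cn}) {
        print $client "hello $cn\n";
    } else {
        warn "certificate valid but CN '$cn' not allowed\n";
    }
    $client->close;
}
```

The callback runs once per certificate in the presented chain, with depth 0 being the client's own certificate, so a connection that produces no "verify depth=" log lines is one where no client certificate was sent.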
Hi there,
The documentation doesn't say so, but from what I can tell from the source code, the SSL_verify_callback parameter is ignored if SSL_server is set (I am using IO::Socket::SSL via Net::Server::Proto::SSL which I assume sets this option).
I am writing a server that needs to validate client certificates and this is not currently possible because of this.
Therefore, I'd like to ask:
Net::SSLeay or the underlying libcrypto implementation(s), or for some other unavoidable reason?
SSL_verify_callback work when combined with SSL_server?
Thanks in advance,
@gbicann.