Home > Mobile >  OpenSSL how to request client certificate, but don't verify it
OpenSSL how to request client certificate, but don't verify it

Time:03-30

I want to setup openssl c/c server request certificate from client but don't verify it.

I already use this piece of code to query certificate from client:

/** Force the client-side have a certificate **/
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
SSL_CTX_set_verify_depth(ctx, 4);

Can anybody give me example of such server code?

CodePudding user response:

You should read the manual. It states:

void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
[...]
The return value of verify_callback controls the strategy of the further verification process. If verify_callback returns 0, the verification process is immediately stopped with "verification failed" state. [...] If verify_callback always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. [...]

Writing a function that always returns 1 and passing it as verify_callback should help you solve the problem.

Page link:https//www.codepudding.com/Mobile/354094.html

Prev:Automatic generate member functions depending on inherited class template
Next:icpc error in compiling over-aligned dynamic allocated variables
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding