Re: SSL_get_peer_certificate() failing - Openssl



Thread: Re: SSL_get_peer_certificate() failing

  1. Re: SSL_get_peer_certificate() failing

    Thanks, I've read the man page for SSL_get_peer_certificate() and it says it returns NULL if "No certificate was presented by the peer or no connection was established." After tracing through the code I see that SSL_get_peer_certificate() returns null because no connection has been established, i.e. it enters the following piece of code "if ((s == NULL) || (s->session == NULL))". I know for a fact that s is not NULL which means that s->session is NULL. Do you know of a reason why s->session would be NULL?

    Thanks,
    John



  2. Re: SSL_get_peer_certificate() failing

    How do you know that s isn't null? Have you actually called
    SSL_CTX_set_verify or SSL_set_verify? Without that being called,
    there is no request for the certificate from the client. How do you
    know the client is sending the certificate?

    Can you still send data across the link? Or is it torn down? (is
    your SSL_set_verify callback being called?)

    Atop this, you can always use s_client to use a particular client
    certificate (and key), and dump the entire state of the connection for
    debugging.

    Also, which version of OpenSSL are you using? Which platform are you on?

    -Kyle H

    On Mon, Jul 28, 2008 at 7:55 PM, M wrote:
    > Thanks, I've read the man page for SSL_get_peer_certificate() and it says it
    > returns NULL if " No certificate was presented by the peer or no connection
    > was established." After tracing through the code I see that
    > SSL_get_peer_certificate() returns null because no connection has been
    > established, i.e. it enters the following
    > piece of code "if ((s == NULL) || (s->session == NULL))". I know for a fact
    > that s is not NULL which means that s->session is NULL. Do you know of a
    > reason why s->session would be NULL?
    >
    > Thanks,
    > John
    >

    ______________________________________________________________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org

