OpenSSL如何请求客户端证书,但不验证它
OpenSSL how to request client certificate, but don't verify it
我想设置 openssl c/c++ 服务器从客户端请求证书但不验证它。
我已经使用这段代码从客户端查询证书:
/** Force the client-side have a certificate **/
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
SSL_CTX_set_verify_depth(ctx, 4);
任何人都可以给我这样的服务器代码的例子吗?
您应该阅读 manual。它指出:
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
[...]
The return value of verify_callback controls the strategy of the further verification process. If verify_callback returns 0, the verification process is immediately stopped with "verification failed" state. [...] If verify_callback always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. [...]
编写一个始终 returns 1 并将其作为 verify_callback 传递的函数应该可以帮助您解决问题。
我想设置 openssl c/c++ 服务器从客户端请求证书但不验证它。
我已经使用这段代码从客户端查询证书:
/** Force the client-side have a certificate **/
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
SSL_CTX_set_verify_depth(ctx, 4);
任何人都可以给我这样的服务器代码的例子吗?
您应该阅读 manual。它指出:
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
[...]
The return value of verify_callback controls the strategy of the further verification process. If verify_callback returns 0, the verification process is immediately stopped with "verification failed" state. [...] If verify_callback always returns 1, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. [...]
编写一个始终 returns 1 并将其作为 verify_callback 传递的函数应该可以帮助您解决问题。