* Why do I get errors about unknown algorithms?
* Why can't the OpenSSH configure script detect OpenSSL?
* Can I use OpenSSL's SSL library with non-blocking I/O?
+* Why doesn't my server application receive a client certificate?
===============================================================================
SSL_write() will try to continue any pending handshake.
+* Why doesn't my server application receive a client certificate?
+
+Due to the TLS protocol definition, a client will only send a certificate,
+if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
+SSL_CTX_set_verify() function to enable the use of client certificates.
+
+
===============================================================================
=head1 NOTES
+Due to the protocol definition, a TLS/SSL server will always send a
+certificate, if present. A client will only send a certificate when
+explicitely requested to do so by the server (see
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
+is used, no certificates are sent.
+
That a certificate is returned does not indicate information about the
verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
to check the verification state.
=head1 SEE ALSO
-L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
+L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
=cut
projects / oweals / openssl.git / commitdiff