Clarify request of client certificates. This is a FAQ.

author: Lutz Jänicke <jaenicke@openssl.org> 2001-04-17 13:20:05 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2001-04-17 13:20:05 +0000
commit: ee718b2c22179fcebe94fd7415b218dacc744db8 (patch)
tree: a61f9435cfb9a67a8aa84938a8a686fdc185ebdd /FAQ
parent: 514481f68622210a579ba31ebd6fd18cc851917f (diff)
download: openssl-ee718b2c22179fcebe94fd7415b218dacc744db8.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/FAQ b/FAQ
index cd759e0202..878a779670 100644
--- a/FAQ
+++ b/FAQ
@@ -47,6 +47,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why do I get errors about unknown algorithms?
 * Why can't the OpenSSH configure script detect OpenSSL?
 * Can I use OpenSSL's SSL library with non-blocking I/O?
+* Why doesn't my server application receive a client certificate?
 
 ===============================================================================
 
@@ -543,5 +544,12 @@ requiring a bi-directional message exchange; both SSL_read() and
 SSL_write() will try to continue any pending handshake.
 
 
+* Why doesn't my server application receive a client certificate?
+
+Due to the TLS protocol definition, a client will only send a certificate,
+if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
+SSL_CTX_set_verify() function to enable the use of client certificates.
+
+
 ===============================================================================
author	Lutz Jänicke <jaenicke@openssl.org>	2001-04-17 13:20:05 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2001-04-17 13:20:05 +0000
commit	ee718b2c22179fcebe94fd7415b218dacc744db8 (patch)
tree	a61f9435cfb9a67a8aa84938a8a686fdc185ebdd /FAQ
parent	514481f68622210a579ba31ebd6fd18cc851917f (diff)
download	openssl-ee718b2c22179fcebe94fd7415b218dacc744db8.tar.gz