[openssl-users] Is verification supposed to fail with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT without SSL_CTX_set_client_CA_list?

Jeffrey Walton noloader at gmail.com
Sat Feb 27 22:48:10 UTC 2016


> I have server code whose context is configured with SSL_VERIFY_PEER |
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT and which does not call
> SSL_CTX_set_client_CA_list().
> In this case, handshake is failing as expected when clients didn't send a
> certificate.

Thanks Michel.

Does your server use the default verify callback? Or does it have a
custom callback? (The original question uses the default verify
callback).

Jeff

