On Tue, 10 Sep 2002, Matt Bernstein wrote:
> At 20:31 +0100 Steve Haslam wrote:
>
> >If you don't set tls_verify_certificates, then client certificates are
> >silently not verified, and tls_verify_hosts (and presumably
> >tls_try_verify_hosts) has no effect. *sigh*
That is a bug, IMO. I have put it on the list to fix. It could be
diagnosed at configuration-reading time by requiring
tls_verify_certificates to be set when tls_[try_]verify_hosts is.
> Ahhh... were you expecting them to be verified internally by OpenSSL?
> Maybe that could be a FAQ.
Certainly, and I'll also make this clearer in the documentation.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
