In message <_A181@delegate-en.ML_> on 12/18/98(15:11:52) you "Horia Georgescu" <pbyaabdyi-znqnbumr67tr.ml@ml.delegate.org> wrote:

|Hi, I'm trying to get this going on my own, but it doesn't work ...

Have you cleared the problem of "keyfile not found or wrong"? I should have noticed that SSL_xxx_yyy_FILEs must be specified as absolute paths when you run DeleGate in the background (without the -v option), because DeleGate changes the working directory to $WORKDIR in that case.

|Here is an excerpt from "A universal SSL proxy by DeleGate":
|"... If you wish to see client's certificate in SSLway with "-ac" option,
|specify "-client_auth" option"..

The current "-client_auth" option just implies asking the client to send its certificate if it has one, then recording the content of the certificate, if it's sent, into LOGFILE. I scarcely remember what I intended the option to mean ultimately... but activating some stuff commented out in filters/sslway.c seems to make sslway reject the connection from clients without a certificate.

*** ../dist/delegate5.8.3/filters/sslway.c Fri Aug 21 19:27:45 1998 --- sslway.c Fri Dec 18 15:46:35 1998 *************** *** 277,279 **** static int cl_auth = 0; ! static int cl_vrfy = SSL_VERIFY_PEER /* | SSL_VERIFY_FAIL_IF_NO_PEER_CERT*/; --- 277,279 ---- static int cl_auth = 0; ! static int cl_vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;

Maybe doing verification based on the client certificate should be specified in another option rather than "-client_auth", for example an option like "-client_verify". But anyway I think I should follow the convention of command line arguments or environment variables of SSLeay, with which I'm not so familiar now...

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_
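
Review bot: The changed line 278 hard-codes SSL_VERIFY_FAIL_IF_NO_PEER_CERT into the static initializer of cl_vrfy, so the strict mode becomes the compiled-in default and the previous behaviour (request the certificate and log it if sent) can no longer be selected without rebuilding. Consider leaving the initializer as SSL_VERIFY_PEER and OR-ing SSL_VERIFY_FAIL_IF_NO_PEER_CERT into cl_vrfy only when a distinct option is given, such as the "-client_verify" suggested in the message, so that "-client_auth" keeps its current meaning for existing configurations. A short comment beside cl_vrfy stating which option sets which flag, and that clients without a certificate are rejected in the strict case, would also document the difference between the two modes, which the hunk currently leaves implicit.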