Hi,

> From: <SchmittR / t-systems.com>
> Sent: Wednesday, February 04, 2004 10:35 PM

> Thanks for the tip. I take a look - but dont understand :-(.
> What are the options OpenSSL::SSL::VERIFY_PEER and
> OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT standing for?

These options are just for your purpose.
See NOTES section of
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

> My job is to write a HTTPS-secured server that must
> authenticate the client (Internet Explorer) with certificates.

sslsvr.rb with above options should work as you expected.
Run sslsvr.rb and hit https://localhost:17171/hello with browser.
sslsvr.rb should deny the access.
Then, import client.cert and client.key into your browser and
hit the URL again.

In do_hello block, you can get the client certificate which is
verified in a session with req.meta_vars['SSL_CLIENT_CERT']

Regards,
// NaHi