The only thing that the server can know is whether the client has terminated the connection with a fatal alert. If the client validates presented cert chains, then its continuation with the connection means that it passed validation. If the client does not, or ignores any given error, then it doesn't mean that it passed validation. In other words, you can only know if the client's applied policy allows the connection to continue. You cannot know if the policy that was applied was specifically related to the certificate chain presented. -Kyle H On Mon, Feb 12, 2018 at 10:06 PM, J Decker <d3ck0r@xxxxxxxxx> wrote: > Is there a way for a server to know if the client verified the cert chain > successfully or not? > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
