Hi

I am porting an application from SSLRef to OpenSSL, and I am trying to
connect up with an SSL server, performing Client Authentication, but I'm
having trouble doing so. I have DER certs that are read into an API above
OpenSSL. I can dump these certs to stdout, and they look fine. During the
handshake, the server sends the certificate chain, (server cert, then CA)
which is correct. When my client sends the client cert, it is not actually
the client cert that I set up in the initialization, it is the server cert.
The server sends a fatal alert, with the message invalid data format.

I have been digging through the SSL code, and the last reference to the
server cert is when the client validates the chain.

Thanks, in advance, any help would be appreciated.

 What I am doing during Client Context Initialization is such:
--------------------------------------------------------------------------
count=Get CA Count

if(count>0){

    /*
    ** Add a stack of CA X509 certs here.
    */

    if((stackx509=sk_X509_new_null())!=OSPC_OSNULL)
    {
        for(i=0;i<count;i++)
        {
            ---> [Get CA's From API Level as ASN1 Objs] <---
            if((x509=d2i_X509(NULL,&ca,certlen))!=OSPC_OSNULL)
            {
                sk_X509_push(stackx509,x509);
            }
        }

        SSL_CTX_set_client_CA_list(ctx,stackx509);

        --->[ Get Client Cert From API Level as an ASN1 Obj ]<----

        if((x509=d2i_X509(NULL,&ca,certlen))!=OSPC_OSNULL)
            if(SSL_use_certificate(*conref,x509)>0)
            {
                /*
                ** Get The Private Key and Load it into the SSL session
                */
                ---> [ Get Key From API ] <----
                if(!SSL_use_RSAPrivateKey_ASN1(*conref,ca,(long)certlen))
                {
                    ERR_print_errors(bio_stdout);
                }
            }

Am I incorporating the correct calls, doing the correct steps?

Any help would be greatly appreciated

Thanks,
Chuck


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
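
The code above passes the same `ca` pointer and `certlen` to every decode call, and d2i_X509() advances the pointer it is given past the object it decoded. The following is an added example, not code from the post or from OpenSSL: a stand-alone DER walker with the same pointer-advancing convention, usable to confirm that each blob handed over by the API layer holds exactly one complete SEQUENCE. The function names are hypothetical and the sample bytes are constructed.

```c
#include <stdio.h>

/* Hypothetical helper, not an OpenSSL function: validate one DER SEQUENCE at *pp and
 * advance *pp past it, as d2i_X509() does. Returns the object's size in bytes, or -1. */
static long der_skip_sequence(const unsigned char **pp, long len)
{
    const unsigned char *p = *pp;
    long body = 0, hdr = 2;
    int n, i;

    if (len < 2 || p[0] != 0x30)          /* 0x30 = SEQUENCE tag */
        return -1;
    if (p[1] < 0x80) {                    /* short form: one length byte */
        body = p[1];
    } else {                              /* long form: n length bytes follow */
        n = p[1] & 0x7f;
        if (n == 0 || n > 3 || len < 2 + n)   /* n == 0 is indefinite: not DER */
            return -1;
        for (i = 0; i < n; i++)
            body = (body << 8) | p[2 + i];
        hdr += n;
    }
    if (body > len - hdr)                 /* object is truncated */
        return -1;
    *pp = p + hdr + body;
    return hdr + body;
}

/* Number of back-to-back SEQUENCEs in buf, or -1 if any part fails to parse. */
static int der_count_objects(const unsigned char *buf, long len)
{
    const unsigned char *p = buf, *end = buf + len;
    int count = 0;

    for (; p < end; count++)
        if (der_skip_sequence(&p, (long)(end - p)) < 0)
            return -1;
    return count;
}

/* Constructed sample, not real certificates: 5-byte SEQUENCE, then a 131-byte one. */
static const unsigned char sample[5 + 3 + 128] = { 0x30, 0x03, 0x02, 0x01, 0x05, 0x30, 0x81, 0x80 };

int main(void)
{
    const unsigned char *p = sample;
    long n = der_skip_sequence(&p, (long)sizeof sample);

    printf("first object: %ld bytes, pointer now at offset %ld, objects in buffer: %d\n",
           n, (long)(p - sample), der_count_objects(sample, (long)sizeof sample));
    return 0;
}
```

A count other than 1 for a buffer that is supposed to hold a single certificate or key means the pointer or length passed to the decode call does not match the object it is meant to describe.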
