Thanks for your reply.
For the first question, the code in SSL_CTX_use_PrivateKey_file
(ssl\ssl_rsa.c) looks like this:
    if (type == SSL_FILETYPE_PEM)
    {
        j=ERR_R_PEM_LIB;
        pkey=PEM_read_bio_PrivateKey(in,NULL,
            ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
    }
    else
    {
        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
        goto end;
    }
May I add these lines before else to support DER?
    else if (type == SSL_FILETYPE_ASN1)
    {
        j=ERR_R_ASN1_LIB;
        pkey=d2i_PrivateKey_bio(in,NULL);
    }
d2i_PrivateKey_bio uses d2i_AutoPrivateKey to determine whether the key is
in RSA or DSA format. Is it reliable?
The second problem is solved by setting the option
SSL_OP_NETSCAPE_CA_DN_BUG. But I don't understand why.
Hua
-----Original Message-----
From: Peter Kim [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 2:16 PM
To: [EMAIL PROTECTED]
Subject: Re: client authentication
> Hi, friends,
>
> I try to add the client authentication into a client application.
> Two problems block me.
>
> 1. It is not allowed to use DER type files in SSL_CTX_use_PrivateKey_file.
> It only accepts PEM files.
>
SSL_CTX_use_PrivateKey_ASN1(..) should accept a DER-encoded private key file.
> 2. During handshaking, the client application fails in
> ssl3_get_certificate_request. In the first time reaching this function,
> it goes to err since d2i_X509_NAME returns NULL. The second time entering
> here is driven by FD_READ event. Then it exits early by the message_type
> of SSL3_MT_SERVER_DONE. So I don't retrieve the certificate request
> from server successfully. And, of course, the handshaking fails.
>
I'm not sure about this.
> Could anyone tell me how to fix those problems?
>
> Hua
>
>
I hope this helps.
----------------------------------------------------------------------
Peter Kim
Software Developer
Xcert International Inc.
e-mail: [EMAIL PROTECTED]
URL: http://www.xcert.com
homepage: http://home.xcert.com/~pckim
ph 604 640 6210 ext 268
----------------------------------------------------------------------
______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
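
On the reliability question above: a traditional-format DER private key is a SEQUENCE of nine INTEGERs for RSA and six for DSA, so the type can be inferred from the element count, which is the kind of structural guess automatic detection relies on. The following C sketch is an added example, not OpenSSL's code and not from either poster; the function names and the toy sample blobs are constructed for illustration.

```c
#include <stddef.h>

enum key_guess { KEY_BAD = -1, KEY_RSA, KEY_DSA, KEY_OTHER };

/* Parse one DER tag+length header; return a pointer to the value and store
 * its length, or NULL if the header or value would run past end. */
static const unsigned char *der_hdr(const unsigned char *p,
                                    const unsigned char *end, size_t *len)
{
    size_t l, n;
    if (end - p < 2) return NULL;
    p++;                               /* skip the (single-byte) tag */
    l = *p++;
    if (l & 0x80) {                    /* long form: next n bytes hold length */
        n = l & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - p) < n) return NULL;
        for (l = 0; n > 0; n--) l = (l << 8) | *p++;
    }
    if ((size_t)(end - p) < l) return NULL;
    *len = l;
    return p;
}

/* Number of elements directly inside the outer SEQUENCE, or -1 if malformed. */
int seq_elements(const unsigned char *der, size_t n)
{
    const unsigned char *end = der + n, *p;
    size_t len;
    int count = 0;
    if (n < 2 || der[0] != 0x30) return -1;
    p = der_hdr(der, end, &len);
    if (p == NULL || p + len != end) return -1;  /* truncated or trailing bytes */
    for (; p < end; count++) {
        if ((p = der_hdr(p, end, &len)) == NULL) return -1;
        p += len;
    }
    return count;
}

/* Constructed toy inputs (right shape, 1-byte values; not real keys). */
const unsigned char RSA_SHAPED[] = {0x30,27, 2,1,0, 2,1,1, 2,1,2, 2,1,3,
                                    2,1,4, 2,1,5, 2,1,6, 2,1,7, 2,1,8};
const unsigned char DSA_SHAPED[] = {0x30,18, 2,1,0, 2,1,1, 2,1,2, 2,1,3, 2,1,4, 2,1,5};
const unsigned char PKCS8_SHAPED[] = {0x30,9, 2,1,0, 0x30,0, 4,2,0xAA,0xBB};
/* 9 elements = traditional RSA, 6 = traditional DSA; anything else is not guessed. */
enum key_guess guess_key_type(const unsigned char *der, size_t n)
{
    int c = seq_elements(der, n);
    if (c < 0) return KEY_BAD;
    return c == 9 ? KEY_RSA : c == 6 ? KEY_DSA : KEY_OTHER;
}
```

A count-based guess only says what shape the input has, so the caller still needs an explicit reject path for inputs such as the three-element PKCS#8-style blob, and the real key parser must validate the contents.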