The answer to your question is 'yes'.  The proxy service, if designed
this way, would require access to the client's private key.  Why not
do what every other proxy service does: just proxy the raw bytes and
let the SSL/TLS connection be end to end through the proxy service?


> hello everyone.
> 
> Sorry. 
> I noticed that this question was a FAQ.
> I should have used s_client.c and s_server.c sample codes.
> 
> then, I have one more question.
> I am developing an SSL proxy program.
> This proxy has the following functions.
> 
> 1) proxy receives client certificate from client (browser).
> 2) with this certificate, proxy establishes SSL connection to www server 
> 
> When proxy establishes SSL connection, does it need client's private key ?
> If so, I think it is impossible to realize this SSL proxy.
> 
> Please give me your help.
> 
> thanks.
> ---
> nakamura  <[EMAIL PROTECTED]>
> 
> > -----Original Message-----
> > From: Nakamura,TakayukiTKSSC 
> > Sent: Monday, August 21, 2000 7:03 PM
> > To: OpenSSL
> > Subject: client certificate
> > 
> > 
> > Hello everyone,
> > 
> > I am now testing OpenSSL with the sample program in 
> > openssl-0.9.5a.tar.gz .
> > These samples don't use a client certificate.
> > So, I'd like to change the client to send a certificate to the server.
> > 
> > I added the following lines to cli.cpp.
> > 
> > -------------------------
> >    #define HOME "./"
> >    #define CERTF  HOME "client.pem"
> > 
> >    if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
> >            ERR_print_errors_fp(stderr);
> >            exit(3);
> >    }
> > --------------------------
> > 
> > The program finished successfully. But the server couldn't receive 
> > the client certificate.
> > Please tell me how to receive the client certificate.
> > 
> > 
> > Thanks,
> > -----
> > Takayuki Nakamura  <[EMAIL PROTECTED]>
> > MITSUI & Co.,Ltd. Solution Business Div. 
> > TEL +81 3 5641 2202 / FAX +81 3 5641 2205
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]
> > 



                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * [EMAIL PROTECTED]
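
Added example (not part of the original thread, and not OpenSSL or Kermit Project code): a minimal sketch of the pass-through approach suggested in the reply above. The function name relay_raw and its two already-connected socket arguments are assumptions; the relay copies bytes in both directions without parsing TLS, so the client's certificate and private key never leave the client.

```c
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Send all n bytes, retrying on short writes. Returns 0, or -1 on error. */
static int send_all(int fd, const unsigned char *buf, size_t n)
{
    while (n > 0) {
        ssize_t w = send(fd, buf, n, MSG_NOSIGNAL);
        if (w <= 0) return -1;
        buf += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Copy opaque bytes between two connected sockets until both directions
 * reach EOF. TLS records are never parsed, so no certificate or key is
 * loaded here. Returns total bytes forwarded, or -1 on error. */
long relay_raw(int client_fd, int server_fd)
{
    int fds[2] = { client_fd, server_fd };
    struct pollfd p[2] = { { client_fd, POLLIN, 0 }, { server_fd, POLLIN, 0 } };
    unsigned char buf[4096];
    long total = 0;
    int open_dirs = 2;

    while (open_dirs > 0) {
        if (poll(p, 2, -1) < 0) return -1;
        for (int i = 0; i < 2; i++) {
            if (p[i].fd < 0 || p[i].revents == 0) continue;
            ssize_t n = recv(fds[i], buf, sizeof buf, 0);
            if (n < 0) return -1;
            if (n == 0) {                       /* EOF from this side */
                shutdown(fds[1 - i], SHUT_WR);  /* propagate the half-close */
                p[i].fd = -1;                   /* poll() ignores negative fds */
                open_dirs--;
                continue;
            }
            if (send_all(fds[1 - i], buf, (size_t)n) < 0) return -1;
            total += n;
        }
    }
    return total;
}
```

In a proxy, client_fd would be the accepted browser connection and server_fd the connection to the www server; the SSL/TLS handshake, including client authentication, then runs between browser and server.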

