Look at http://www.aquasecurity.com/protect/other/sslcli.cpp and
http://www.aquasecurity.com/protect/other/sslsrv.cpp

Robert Sandilands

> Carlos Serrao wrote:
> 
> Hi all,
> 
> Can someone provide me with a good example of how to handle client
> authentication on an SSL connection? I've already taken a look at the
> examples in the openssl distribution and they didn't help much.
> 
> In my code I'm doing the following:
> 
> 1. Using openssl I've created a self-signed CA.
> 2. Afterwards, using this CA, I created two certificates:
>     client_cert.pem with client_key.pem
>     server_cert.pem with server_key.pem
> 
> 3. Then I wrote the following code:
> 
> CLIENT:
>   SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM)
>   SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM)
>   SSL_CTX_check_private_key(ctx)
> 
> in which CERTF = client_cert.pem and KEYF = client_key.pem
> 
> SERVER:
>     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, NULL);
> 
>     SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM)
>     SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM)
>     SSL_CTX_check_private_key(ctx)
>     SSL_CTX_load_verify_locations(ctx, CAFILE, NULL);
>     SSL_CTX_set_default_verify_paths(ctx);
>     SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAFILE));
> in which CERTF = server_cert.pem and KEYF = server_key.pem
> 
> I don't know what to put in CA_FILE...?
> 
> The server always responds that the client doesn't have a
> certificate...
> 
> 
> What AM I DOING WRONG ???
> 
> 
> Can someone help me?
> 
> 
> Thanks in advance.
> 
> Best regards,
> 
> 
> _____________________________________________________________
> Carlos Serrão                          [EMAIL PROTECTED]
>                                  http://adetti.iscte.pt/~cjcs
> 
> DCTI - IS/IT Department        IS/IT Research and Development
> ADETTI/ISCTE - Av.Forcas Armadas     1600-082 LISBOA Portugal
> Tel.: +351217903064/+351217903901         Fax:  +351217935300
> 
> 
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
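
Steps 1 and 2 of the quoted question, as an added example that is not part of either message or of the linked sources: it builds a self-signed CA, issues `client_cert.pem` and `server_cert.pem` from it, and checks which CA file a client certificate verifies against, which is what the file passed to `SSL_CTX_load_verify_locations` has to contain. The names `ca.cnf`, `ca_key.pem`, `ca_cert.pem`, the subject names and the function names are assumptions.

```shell
#!/bin/sh
# Added example. client/server file names follow the question; everything else is constructed.

# make_ca DIR: create a self-signed CA (DIR/ca_key.pem, DIR/ca_cert.pem).
make_ca() {
    mkdir -p "$1" || return 1
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/ca_key.pem" -out "$1/ca_cert.pem" 2>/dev/null
}

# issue_cert DIR NAME: create DIR/NAME_key.pem and a CA-signed DIR/NAME_cert.pem.
issue_cert() {
    openssl req -new -config "$1/ca.cnf" -subj "/CN=example-$2" -newkey rsa:2048 \
        -nodes -keyout "$1/${2}_key.pem" -out "$1/${2}.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/${2}.csr" -days 30 -CA "$1/ca_cert.pem" \
        -CAkey "$1/ca_key.pem" -CAcreateserial -out "$1/${2}_cert.pem" 2>/dev/null
}

# chains_to CAFILE CERT: succeed only if CERT verifies against the CA in CAFILE.
# A server that trusts only CAFILE accepts a client certificate on the same condition.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: build the PKI in a temp dir and show which CAFILE accepts client_cert.pem.
demo() {
    d=$(mktemp -d) && make_ca "$d/pki" && issue_cert "$d/pki" client &&
        issue_cert "$d/pki" server && make_ca "$d/other" || return 1
    chains_to "$d/pki/ca_cert.pem" "$d/pki/client_cert.pem" &&
        echo "issuing CA as CAFILE: client_cert.pem accepted"
    chains_to "$d/other/ca_cert.pem" "$d/pki/client_cert.pem" ||
        echo "unrelated CA as CAFILE: client_cert.pem rejected"
    rm -rf "$d"
}
```

Source the file and run `demo`; it needs the `openssl` command-line tool and writes only to a temporary directory.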
