On Thu, Jun 24, 2010, Harshvir Sidhu wrote: > Hey thanks all for the reply. > Stephen: > Yes i have to do client authentication, Is there some sample available > that demonstrates how can i use capi engine for the same? Thanks. >
The option -ssl_client_cert_engine to s_client uses the relevant functionality. All you do is lookup the "capi" ENGINE and assign it to the SSL_CTX, check the s_client.c source for more info. If you only have one client certificate for a given CA then that is sufficient. There are other options which can be set at compile time, such as displaying a dialog box if there are multiple certificates of just arbitrarily choosing the first one. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
