On Mon, Nov 01, 2010 at 01:06:50PM -0500, Eichenberger, John wrote:

> I have been looking at OpenSSL version 1.0.0a source code in order to
> determine how to use it in an application where EAP TLS is used. It
> seems like this application would be working correctly if only the
> "privatekey" field would be defined as it gets checked within
> ssl3_send_client_certificate (ssl\s3_clnt.c).

To associate a private key + public key cert (chain) pair with an SSL context:

    if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
        /* handle the error */
    }
    if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
        /* handle the error */
    }

You can associate one key pair for each public key type, currently:

    - RSA
    - DSA
    - ECDSA

If you need to support SNI on the server-side, there are some additional
games with personality-specific SSL contexts that are dynamically assigned
to the session based on SNI requests from the client.

-- 
    Viktor.