On Wed, Jul 25, 2012, Fili, Tom wrote:

> I'm trying to set up my application to allow for the use of client
> certificates. I am using the capi engine to pull from the Windows store.
>
> I set up my ssl connection and it works fine if I set the correct
> certificate using SSL_CTX_use_certificate_ASN1 &
> ENGINE_load_private_key.
>
> From what I've read, in the SSL handshake where client certificates are
> required, the server actually sends back a list of CAs that it accepts.
> Is there something I can do after SSL_do_handshake or something I can do
> in place of it to get that list of CAs, so I can filter the list I
> display to the user (similar to the certificate dialogs you see in a
> browser).
>

There is an automatic client certificate selection feature in the capi ENGINE. You just pass the ENGINE parameter to SSL_CTX_set_client_cert_engine. If OpenSSL is compiled with the OPENSSL_CAPIENG_DIALOG it will also display a dialog box.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
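
The list of CAs discussed in this thread travels in the `certificate_authorities` field of the TLS CertificateRequest message. The sketch below is an added example, not code from the thread or from OpenSSL (which parses this message itself): it decodes a TLS 1.2 CertificateRequest body and checks whether a certificate's issuer appears in the server's list. The function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

typedef struct { const uint8_t *der; size_t len; } dn_t;  /* one DER-encoded Name */
/* Read the 2-byte length prefix at *off; fail if the vector overruns n bytes. */
static int vec16(const uint8_t *b, size_t n, size_t *off, size_t *len)
{
    if (n - *off < 2) return -1;
    *len = ((size_t)b[*off] << 8) | b[*off + 1];
    *off += 2;
    return *len > n - *off ? -1 : 0;
}

/* Parse a TLS 1.2 CertificateRequest body (RFC 5246, 7.4.4) and collect its
 * certificate_authorities entries. Returns the count, or -1 if malformed. */
int parse_cert_request(const uint8_t *b, size_t n, dn_t *out, int max)
{
    size_t off, len;
    int count = 0;
    if (n < 1 || (off = (size_t)b[0] + 1) > n) return -1;      /* certificate_types */
    if (vec16(b, n, &off, &len)) return -1;                    /* signature algorithms */
    off += len;
    if (vec16(b, n, &off, &len) || len != n - off) return -1;  /* CA list fills the rest */
    while (off < n) {
        if (count == max || vec16(b, n, &off, &len) || len == 0) return -1;
        out[count++] = (dn_t){ b + off, len };
        off += len;
    }
    return count;
}

/* Byte-wise DER comparison: a simplification of X.500 name matching. */
int issuer_accepted(const uint8_t *iss, size_t len, const dn_t *cas, int n)
{
    for (int i = 0; i < n; i++)
        if (cas[i].len == len && memcmp(cas[i].der, iss, len) == 0) return 1;
    return n == 0;  /* empty list: the server accepts any issuer */
}

/* Constructed sample data: DER Name "CN=CA<c>", and a request listing CA1 and CA2. */
#define DN(c) 0x30,0x0E,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x03,0x13,0x03,'C','A',c
static const uint8_t SAMPLE_REQ[] = { 1,1, 0,2,4,1, 0,0x24, 0,0x10, DN('1'), 0,0x10, DN('2') };
static const uint8_t ISS_CA2[] = { DN('2') }, ISS_CA3[] = { DN('3') };

int main(void)
{
    dn_t cas[8];
    int n = parse_cert_request(SAMPLE_REQ, sizeof SAMPLE_REQ, cas, 8);
    return !(n == 2 && issuer_accepted(ISS_CA2, 16, cas, n) && !issuer_accepted(ISS_CA3, 16, cas, n));
}
```

Every length prefix is checked against the remaining bytes before it is used, so a truncated or inconsistent message is rejected rather than read past its end.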