Hi Steve! I will try to take that path, thank you!
//Fredrik

On Mon, Oct 13, 2014 at 6:08 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Mon, Oct 13, 2014, Fredrik Jansson wrote:
>
>> Hi!
>>
>> I have a device where I cannot access the client certificate's private
>> key directly, but have access to verification and signature functions.
>>
>> The certificate, in DER format, is accessible.
>>
>> I need to use client certificates in my TLS connection and found the
>> SSL_CTX_set_client_cert_cb function. I can convert the encoded cert to
>> an X509 structure and return that, but I cannot provide it with an
>> EVP_PKEY object.
>>
>> Is there any way I can instruct any of the SSL_CTX, SSL or EVP_PKEY
>> objects to call a signature function (that I provide) during the
>> handshake?
>>
>
> An EVP_PKEY structure doesn't have to contain the private key components; it
> can contain just the public components. Private key operations can be
> redirected to a function which performs the necessary operation.
>
> How you do that depends on the signing function you have available. Typically
> you'll write a *_METHOD for the key type and an ENGINE to contain it.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org