[EMAIL PROTECTED] wrote:
>
> Hi Randal,
>
> I am trying to get OpenSSL to import private key files.
You can load a private key with
PEM_read_PrivateKey() (defined in openssl/pem.h)
> -----Original Message-----
> From: EXT Randall Ward [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 09, 2000 1:28 PM
> To: '[EMAIL PROTECTED]'
> Subject: please help with understanding client authentication
>
> I've been building a small https client & everything has gone quite well.
> Now I've been told that I need to include support for client authentication
> using a standard x.509 certificate & I am stumped.
>
> Is the certificate just going to be a file? Do I just have to set a path to
> it, or is there some sort of installation that I need to do?
You load a certificate with PEM_read_X509() (defined in openssl/pem.h)
parameters are:
fp: file pointer
x: pointer for in object, leasve it NULL
cb: callback for passphrase (only needed for private key)
u: parameter passed to callback
cb has the form:
int cb(char *buf, int size, int rwflag, void *userdata);
buf: buffer for pass phrase
size: size of buf
rwflag: on read you can ignore this
userdata: param u from PEM_read...()
(Assuming key and certificate are stored in PEM...)
these private key and certificate you can set insert in the SSL data:
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_certificate(SSL *ssl, X509 *x);
(from openssl/ssl.h)
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]