On the client side, you also need the lines:

    SSL_CTX_use_PrivateKey_file(ctx, "client.pem", SSL_FILETYPE_PEM);
    SSL_CTX_use_certificate_file(ctx, "client.pem", SSL_FILETYPE_PEM);

And, on the server side, you need a verifier function.

    int verify_callback(int ok, X509_STORE_CTX *ctx)
    {
        // return true to allow the connection or false to reject it.
        return ok;  // pass through OpenSSL's own verification result
    }

Then in your code before you accept the connection:

    int s_server_verify = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
    SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);

It is described better here:
http://docs.csoft.net/cgi-bin/man.cgi?section=3&topic=SSL_CTX_set_verify

Kevin

-----Original Message-----
From: Sejin Choi [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 18, 2002 10:10 AM
To: [EMAIL PROTECTED]
Subject: How to create client certificate

Hi, all.

I wrote a client/server application that uses SSL, and it currently verifies the server-side certificate only. Now I'm trying to add client certificate verification. At the beginning, I thought I could just create/verify a client certificate using the openssl command just as I did for the server certificate, but somehow it's not working. My server program always gives an error message that the client does not have a certificate.

Could anyone please tell me how to create a client certificate and the specific function calls that are different from the ones used for server-side certificate verification? Basically, I used the same function calls on both the server and client side to verify each other. But it seems that it works only for server-side certificate verification.

Thanks in advance and have a great day.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
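
An added example, not part of the original thread: one way to produce the `client.pem` that the two `SSL_CTX_use_*_file` calls above load, using the `openssl` command line. The CA, subject names, file names other than `client.pem`, key size and lifetimes are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: build a throwaway CA and a client.pem (key + certificate).
# All names, subjects and lifetimes are constructed for illustration.

make_client_pem() {
    dir=$1
    # Private config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    echo 'extendedKeyUsage = clientAuth' > "$dir/client.ext"
    # 1. Self-signed CA: the server loads ca.pem as its trust anchor.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # 2. Client key and certificate request.
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=example-client" \
        -newkey rsa:2048 -nodes \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # 3. CA signs the request, restricting the certificate to client auth.
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
        -extfile "$dir/client.ext" -out "$dir/client.crt" 2>/dev/null || return 1
    # 4. One file holding both, as the two SSL_CTX_use_*_file calls expect.
    (umask 077; cat "$dir/client.key" "$dir/client.crt" > "$dir/client.pem")
}

check_client_pem() {
    dir=$1
    # Chain must verify against the CA for the TLS client purpose.
    openssl verify -CAfile "$dir/ca.pem" -purpose sslclient \
        "$dir/client.crt" >/dev/null 2>&1 || return 1
    # The key and certificate inside client.pem must belong together.
    key_pub=$(openssl pkey -in "$dir/client.pem" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$dir/client.pem" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

workdir=$(mktemp -d)
make_client_pem "$workdir" && check_client_pem "$workdir" \
    && echo "client.pem and ca.pem written to $workdir"
```

The server has to trust `ca.pem` (for example via `SSL_CTX_load_verify_locations`) for the client certificate to verify. With `SSL_VERIFY_PEER` alone the server only requests a certificate; adding `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` to the verify mode makes the handshake fail when the client presents none.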