Hi, from an SSL server side I want to check the client certificate/private key but I don't know how to do this. Below I have written a small server sample and its client. I don't know if what I did is correct.
// SSL Server int listen_sd = socket(AF_INET, SOCK_STREAM, 0); sockaddr_in sa_serv; memset(&sa_serv, '\0', sizeof(sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (8001); bind(listen_sd, (sockaddr*)&sa_serv, sizeof(sa_serv)); listen(listen_sd, 5); sockaddr_in sa_cli; size_t client_len = sizeof(sa_cli); int sd = accept(listen_sd, (sockaddr*)&sa_cli,(int*)&client_len); closesocket(listen_sd); SSLeay_add_ssl_algorithms(); SSL_CTX* ctx = SSL_CTX_new(SSLv3_server_method()); SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM); SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM); if(!SSL_CTX_check_private_key(ctx)) exit(1); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); SSL* ssl = SSL_new(ctx); SSL_set_fd(ssl, sd); CHK_SSL(SSL_accept(ssl)); X509* client_cert = SSL_get_peer_certificate(ssl); if(client_cert != NULL) // is always NULL. why? { printf("Client certificate:\n"); char* str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0); printf("\t subject: %s\n", str); free(str); str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0); printf("\t issuer: %s\n", str); free(str); X509_free(client_cert); } ..... // reading/writing operations and cleaning up ..... and the client looks like this: // SSL Client SSLeay_add_ssl_algorithms(); SSL_METHOD* meth = SSLv3_client_method(); SSL_CTX* ctx = SSL_CTX_new(meth); SSL_CTX_use_certificate_chain_file(ctx, CERTF); SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM); int sd = socket(AF_INET, SOCK_STREAM, 0); sockaddr_in sa; memset(&sa, '\0', sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr("127.0.0.1"); // Server IP sa.sin_port = htons(8001); // Server Port number connect(sd, (sockaddr*)&sa, sizeof(sa)); SSL* ssl = SSL_new (ctx); SSL_set_fd(ssl, sd); SSL_connect(ssl); ..... // reading/writing operations and cleaning up ..... What is wrong on the code above? 