Hi everybody,

I have a problem with the client authentication. Searching the web and the
archive of this mailing list did not help, so I hope there's some expert
around here who can.

I got:
- a demoCA with certificate and key
- a certificate and key for the server
- the same for the client


The client is doing (I leave out the params):
SSL_library_init();
SSL_load_error_strings();
ctx = SSL_CTX_new (SSLv3_client_method());

SSL_CTX_use_certificate_file();
SSL_CTX_use_RSAPrivateKey_file();
SSL_CTX_check_private_key();
SSL_CTX_load_verify_locations();

// Create a socket
sock = socket();
...
connect(sock, ...);

// do ssl stuff
ssl = SSL_new(ctx);
SSL_set_fd (ssl, sock);
SSL_connect (ssl);

serv_cert = SSL_get_peer_certificate (ssl);
... // print out certificate and close connection
// -------- End client ----


The server is doing the following:
SSL_library_init();
SSL_load_error_strings();
ctx = SSL_CTX_new(SSLv3_server_method());

SSL_CTX_use_certificate_file();
SSL_CTX_use_PrivateKey_file();
SSL_CTX_check_private_key();

SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CERT_CHAIN));
SSL_CTX_load_verify_locations(ctx, CERT_CHAIN, CERT_DIR);

SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 1);

// create a listening socket
listen_sock = socket (AF_INET, SOCK_STREAM, 0);
...
bind(listen_sock, ...);
listen(listen_sock, ...);
accept (listen_sock, ...);

// do ssl stuff
ssl = SSL_new (ctx);
SSL_set_fd(ssl, ...);
SSL_accept(ssl);

client_cert = SSL_get_peer_certificate(ssl);
... // print out certificate and close connection
// -------- End server ----

The connection works fine and the client gets the server certificate but
the server does not get the client certificate. I always get the error
"31619:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned:s3_srvr.c:2010".

Running a server with the openssl command line tool gets the certificate
from my client, so the mistake ought to be in the server's code.

Any ideas? Or, even better, some example code of a working client
authentication.

btw: I'm using OpenSSL 0.9.7d under Gentoo Linux.

Big thanks,
Uli

-- 
Ulrich Voelkel
Eickener Strasse 44a
D-41061 Moenchengladbach

http://www.ulrich-voelkel.de
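Added example (not from the original post and not OpenSSL's own code): a small Python helper for reading error lines like the one quoted above. OpenSSL before 3.0 prints errors as "pid:error:CODE:library:function:reason:file:line" and packs the numeric CODE as (lib << 24) | (func << 12) | reason, which is what ERR_GET_LIB, ERR_GET_FUNC and ERR_GET_REASON unpack. The second helper spells out an SSL_CTX_set_verify mode bitmask using the SSL_VERIFY_* values from ssl.h, since the first thing to check on a server that is not receiving client certificates is exactly that mode. The sample log line is reconstructed from the post; the function and class names are my own.

```python
"""Decode OpenSSL (pre-3.0) error lines and SSL_VERIFY_* mode bitmasks.

Error line format (ERR_print_errors / ERR_error_string_n):
    pid:error:CODE:library:function:reason:file:line
CODE = (lib << 24) | (func << 12) | reason, unpacked here the same way
the ERR_GET_LIB / ERR_GET_FUNC / ERR_GET_REASON macros do it.
"""
import re
from dataclasses import dataclass
from typing import List

# Helper names below are hypothetical (written for this example).
ERR_LINE_RE = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+)$"
)

# SSL_VERIFY_* values as defined in OpenSSL's ssl.h.
SSL_VERIFY_NONE = 0x00
SSL_VERIFY_PEER = 0x01
SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 0x02
SSL_VERIFY_CLIENT_ONCE = 0x04
_VERIFY_FLAG_NAMES = [
    (SSL_VERIFY_PEER, "SSL_VERIFY_PEER"),
    (SSL_VERIFY_FAIL_IF_NO_PEER_CERT, "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"),
    (SSL_VERIFY_CLIENT_ONCE, "SSL_VERIFY_CLIENT_ONCE"),
]


@dataclass
class OpenSSLError:
    pid: int
    code: int
    lib_num: int      # ERR_GET_LIB(code)
    func_num: int     # ERR_GET_FUNC(code)
    reason_num: int   # ERR_GET_REASON(code)
    lib: str
    func: str
    reason: str
    file: str
    line: int


def err_get_lib(code: int) -> int:
    return (code >> 24) & 0xFF


def err_get_func(code: int) -> int:
    return (code >> 12) & 0xFFF


def err_get_reason(code: int) -> int:
    return code & 0xFFF


def parse_error_line(line: str) -> OpenSSLError:
    """Parse one ERR_print_errors-style line; raises ValueError otherwise."""
    m = ERR_LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not an OpenSSL error line: %r" % line)
    code = int(m["code"], 16)
    return OpenSSLError(
        pid=int(m["pid"]), code=code,
        lib_num=err_get_lib(code), func_num=err_get_func(code),
        reason_num=err_get_reason(code),
        lib=m["lib"], func=m["func"], reason=m["reason"],
        file=m["file"], line=int(m["line"]),
    )


def parse_error_log(text: str) -> List[OpenSSLError]:
    """Parse every error line in a log; other lines are ignored."""
    return [parse_error_line(l) for l in text.splitlines() if ":error:" in l]


def describe_verify_mode(mode: int) -> List[str]:
    """Name the SSL_VERIFY_* flags set in a mode passed to SSL_CTX_set_verify."""
    if mode == SSL_VERIFY_NONE:
        return ["SSL_VERIFY_NONE"]
    return [name for flag, name in _VERIFY_FLAG_NAMES if mode & flag]


# Constructed sample: the error line from the post, joined onto one line.
SAMPLE_LOG = (
    "31619:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:"
    "no certificate returned:s3_srvr.c:2010\n"
)

if __name__ == "__main__":
    for err in parse_error_log(SAMPLE_LOG):
        print("lib=%d func=%d reason=%d  %s / %s (%s:%d)" % (
            err.lib_num, err.func_num, err.reason_num,
            err.func, err.reason, err.file, err.line))
    print(describe_verify_mode(SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
```

Note that SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE only take effect together with SSL_VERIFY_PEER; the decoder does not pretend otherwise, it just lists what bits are set. With OpenSSL 3.0 the function field of the packed code is no longer meaningful, so err_get_func is only useful for logs from older releases such as the 0.9.7 one in the post.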
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]