Hi,
I am working on a project that involves modifying an existing httpsClient to support user-specified certs. The cert is provided in PEM format by a 3rd party. At first this seemed rather trivial, but the changes I made don't seem to work.
Here is the code I am using:
    if (flCertString)  /* is the cert a string? */
    {
        X509cert = NULL;
        mem = BIO_new( BIO_s_mem( ));
        BIO_puts ( mem, cert );
        PEM_read_bio_X509 ( mem, &X509cert, 0, NULL); /* no error return? */
        errCode = SSL_CTX_use_certificate ( sslClientCtx, X509cert );
    }
    else  /* cert is a path to our cert */
    {
        errCode = SSL_CTX_use_certificate_chain_file ( sslClientCtx, cert );
    }

... I then create my SSL object from this CTX and continue.

    ssl = SSL_new( sslClientCtx );
I get no errors when setting the cert, and I have verified that the rest of the client can connect to a 'normal' https site (e.g. https://www.ietf.org).
My problem is that the 3rd party test server returns a generic error, no error code just a 'please contact tech support'. Tech support in this case is clueless.
My questions:
1. Does this code look right? Or did I obviously goof something up?
2. I have an OpenBSD server that's set up to handle https traffic; is there a way I can set it up to verify that my client is working properly?
Any help would be greatly appreciated.
Cheers!
Patrick
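An added example, not part of the message above: shell helpers built on the openssl command-line tool for the check asked about in question 2, plus two pre-flight checks on the PEM material (PEM_read_bio_X509 returns only the first certificate in its input, and the posted snippet shows no private key being loaded). The function names, file arguments and port are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; function names and file arguments are hypothetical.

# Count the CERTIFICATE blocks in a PEM file. PEM_read_bio_X509() reads one
# certificate per call, so a count above 1 means a single call loads only the
# first block and leaves any chain certificates unread.
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeed only if the private key in $2 belongs to the certificate in $1.
# Both commands emit the public key as a SubjectPublicKeyInfo PEM block.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Create a throwaway self-signed certificate and key (test use only).
# $1 = certificate output, $2 = key output, $3 = common name
make_test_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$3" -keyout "$2" -out "$1" 2>/dev/null
}

# Run a TLS test server that requires a client certificate (-Verify) and
# accepts only certificates that chain to the CA file in $4.
# $1 = port, $2 = server certificate, $3 = server key, $4 = client CA file
run_verifying_server() {
    openssl s_server -accept "$1" -cert "$2" -key "$3" \
        -CAfile "$4" -Verify 1 -www
}
```

Point the client under test at the port given to run_verifying_server; the handshake fails when the client sends no certificate or one that does not verify against the CA file, and the server's terminal output shows the reason.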