Hello. Ive been trying to setup client authentication using a PKCS #12 certificate, and Ive been having some trouble. Im trying to determine whether its because its something unsupported in openSSL, or if its a problem with the wrapper library Im using (Pythons httplib). Id appreciate it if anyone might be able to provide some insight.
Im getting an error raised by the openSSL library when the wrapper class is trying to instantiate and wrap a socket, and from what Ive been able to gather to-date, the error appears to be coming from openSSL: Ssl.SSLError: [Errno 336265225] _sll.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib Is PKCS #12 supposed to be supported by openSSL? I would guess yes; I dug around in the source and found that PEM lib is the error text for ERR_R_PEM_LIB (defined in err_str.c), and I also noticed ERR_R_PKCS12_LIB in there. This gives me the impression that openSSL is incorrectly trying to load the PKCS #12 cert as a PEM cert, and thus the error which leads me to believe that the wrapper library may not be calling openSSL properly, if PKCS #12 certificates should be supported. (Otherwise, why would openSSL be returning an error related to PEM certs and not PKCS #12 certs?) Can anyone tell me whether or not openSSL should be able to work with PKCS#12 certs? Any advice anyone might have is welcome. (Sorry if this is vague; this is the first time I dig into the openSSL project.) The certificate appears correct, as Ive tested it by adding it to MSIE and Firefox and Im able to connect to the server. Regards, Remi.
