On Wed, Mar 14, 2012, Sunjeet Singh wrote:

> >> 8. Now, I want to load the certificate into the same SSL Context.
> >> At first I tried using the simple-
> >> ENGINE_load_ssl_client_cert()
> >> on the certificate file generated earlier, but that failed. I can
> >> understand why- the certificate is encrypted (self-signed).
> >> So it seems like the function that I would want to use instead
> >> is-
> >> ENGINE_load_ssl_client_certificate()
> >> But I'm not entirely sure if the same certificate is supposed to go
> >> into the context as "client" certificate and if I am trying to do the
> >> right thing.
> >>
> >>
> >> Can someone please point me in the right direction? Hopefully I've
> >> included all information that is relevant to my question.
> >>
> >
> > Forget about the ENGINE for this step. You can load the certificate into an
> > X509 structure and pass that to the SSL_CTX.
> >
> > How you do that depends on the certificate format. If it is PEM format you
> > can use PEM_read_X509. If DER the d2i_X509_fp will do the trick.
> >
>
> Hi Steve, thanks for your reply. While it's definitely helped me take another
> step in the right direction, I've run into a problem when using the
> PEM_read_X509() function.
>
> The error string that I get from the function call is "_base = 0x047329a8
> "6632:error:0906D06C:PEM
> routines:func(109):reason(108):.\crypto\pem\pem_lib.c:696:Expecting:
> CERTIFICATE".
> And when I open my foocert.PEM file in a text editor, it is not readable.
>

Then it is probably DER format. Use d2i_X509_fp instead and make sure you open
the fp in binary mode.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
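
Added example, not part of the original thread and not OpenSSL code: a dependency-free pre-check that tells a PEM certificate file from a DER one before choosing between PEM_read_X509 and d2i_X509_fp. The names sniff_cert_format and sniff_cert_file are hypothetical, and the 16 KiB read limit is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; these are not OpenSSL functions. */
enum cert_fmt { FMT_UNKNOWN = 0, FMT_PEM, FMT_DER };

/* Classify a buffer that holds the whole certificate file. */
enum cert_fmt sniff_cert_format(const unsigned char *p, size_t n)
{
    static const char pem_hdr[] = "-----BEGIN CERTIFICATE-----";
    size_t i = 0, hl = sizeof(pem_hdr) - 1, len, hdr = 2;

    /* PEM: armor line first, allowing leading whitespace (simplification). */
    while (i < n && (p[i] == ' ' || p[i] == '\t' || p[i] == '\r' || p[i] == '\n'))
        i++;
    if (n - i >= hl && memcmp(p + i, pem_hdr, hl) == 0)
        return FMT_PEM;

    /* DER: an X.509 certificate is one SEQUENCE (tag 0x30) spanning the file. */
    if (n < 2 || p[0] != 0x30)
        return FMT_UNKNOWN;
    len = p[1];
    if (len & 0x80) {                    /* long form: low 7 bits = length bytes */
        size_t k = len & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k)    /* k == 0 is indefinite, not DER */
            return FMT_UNKNOWN;
        for (len = 0; hdr < 2 + k; hdr++)
            len = (len << 8) | p[hdr];
    }
    /* A mismatch here is what truncated or text-mode-mangled data looks like. */
    return (n - hdr == len) ? FMT_DER : FMT_UNKNOWN;
}

/* Read the file in binary mode ("rb") so DER bytes are not translated. */
enum cert_fmt sniff_cert_file(const char *path)
{
    unsigned char buf[16384];            /* assumed upper bound for one cert */
    FILE *fp = fopen(path, "rb");
    size_t n;

    if (fp == NULL)
        return FMT_UNKNOWN;
    n = fread(buf, 1, sizeof(buf), fp);
    fclose(fp);
    return sniff_cert_format(buf, n);
}

int main(int argc, char **argv)
{
    static const char *next[] = { "unrecognized", "PEM_read_X509", "d2i_X509_fp" };
    if (argc > 1)
        printf("%s: %s\n", argv[1], next[sniff_cert_file(argv[1])]);
    return 0;
}
```

The file extension plays no part in the decision, so a DER file named .PEM, as in the thread, is still reported as DER.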
