Thanks Alexander Komyagin,

So it means in mutual authentication mode also, each client and server
needs only to load its own private key and public key. During the SSL
handshake the SSL protocol will share each other's public keys?

Then what's the use of the "SSL_CTX_load_verify_locations()" API?

In my case the client needs to authenticate the server and the server
also needs to authenticate the client.

Thanks again,
  Lloyd


On Mon, Jun 4, 2012 at 2:57 PM, Alexander Komyagin <komya...@altell.ru> wrote:
>
> Hi, Lloyd!
>
> If you are establishing an SSL connection between client and server, and
> the SSL_VERIFY_PEER flag is set, AFAIK the server will ask for the client
> certificate during the SSL handshake phase.
>
> So why do you need to load the clients' certs manually?
>
> On Mon, 2012-06-04 at 11:06 +0530, Lloyd wrote:
> > Hi,
> >
> > We have a client-server application with SSL (OpenSSL). The server
> > has a public/private key pair and also "each client" has a
> > public/private key pair. When client and server communicate they need
> > to authenticate each other. So we are using the flags SSL_VERIFY_PEER|
> > SSL_VERIFY_FAIL_IF_NO_PEER_CERT at both the client and server. All the
> > certificates are self-signed.
> >
> > Each client is unique, that is, each of them has its own private/public
> > key pair. In order to verify each client, the server needs to load all
> > the clients' certificates (doesn't certificate mean public key in this
> > context?). Is it possible to load all client certificates? Which
> > OpenSSL API should I use for this?
> >
> > Thanks a lot,
> >
> >   Lloyd
> >
> >
>
> --
> Best wishes,
> Alexander Komyagin
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
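
An added example, not part of the original thread or of the OpenSSL project's own material: with self-signed certificates, the CAfile argument of SSL_CTX_load_verify_locations() names a PEM file listing the peer certificates a side is willing to trust. The script below builds such files with the openssl command-line tool and checks them with `openssl verify`; every name in it (client1, stranger, server_trusts.pem and so on) is constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: all names, subjects and file paths are made up.
# Requires the openssl command-line tool.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_self_signed NAME: create NAME.key and a self-signed NAME.pem in $WORK.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# build_trust_file OUT NAME...: concatenate the named certificates into one
# PEM file. This is the kind of file passed as CAfile to
# SSL_CTX_load_verify_locations(); it holds certificates only, never keys.
build_trust_file() {
    out=$1; shift
    : > "$WORK/$out"
    for name in "$@"; do
        cat "$WORK/$name.pem" >> "$WORK/$out"
    done
}

# is_trusted TRUSTFILE NAME: succeed only if NAME's certificate verifies
# against the trust file. A peer that sets SSL_VERIFY_PEER makes the same
# decision about the certificate it receives during the handshake.
is_trusted() {
    openssl verify -CAfile "$WORK/$1" "$WORK/$2.pem" 2>/dev/null |
        grep -q ': OK$'
}

make_self_signed server
make_self_signed client1
make_self_signed client2
make_self_signed stranger     # never added to the server's trust file

build_trust_file server_trusts.pem client1 client2   # loaded by the server
build_trust_file client_trusts.pem server            # loaded by each client

for peer in client1 client2 stranger; do
    if is_trusted server_trusts.pem "$peer"; then
        echo "$peer: accepted by server"
    else
        echo "$peer: rejected by server"
    fi
done
```

Each side's own certificate and private key are loaded separately from this trust file; only the certificate is sent to the peer during the handshake.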
