Re: c-client support for client certificates?

2005-02-24 Thread Mark Crispin 
On Thu, 24 Feb 2005, Kevin P. Fleming wrote:
If I implement this, would it be more consistent to make it a callback route 
that returns a pointer to an allocated chunk of memory (with the caller 
responsible for freeing), or a parameter where I actually pass in the 
PEM-encoded string and c-client duplicates it into its own memory? c-client 
will only need the certificate for a very short time (to make two calls into 
the SSL library during the context setup), so I don't think it makes sense to 
keep a copy of it in c-client's memory space...
Probably a callback set via mail_parameters() makes more sense for the 
reasons you state.

-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.

Re: c-client support for client certificates?

2005-02-23 Thread Mark Crispin 
No, c-client does not have any support for SSL client certificates.
The [GS]ET_SSLCERTIFICATEQUERY mail_parameter() callback routine is used 
to allow the application a chance to decide whether to proceed or abort if 
the *server* certificate fails validation.

On Thu, 24 Feb 2005, Kevin P. Fleming wrote:
Is there any way currently to get c-client to accept a client certificate 
(PEM-encoded string representation) and pass it along when OpenSSL asks for 
it during the TLS negotiation?
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.