I am trying to connect to IIS 5.0 using a client certificate stored in a
Personal Information Exchange - PKCS#12 (.PFX) file.
The server returns the message 'The client certificate is untrusted or
corrupt'. The IIS 5.0 server is configured to require a client certificate,
and the certificate I pass to the server is registered there.
What is wrong in my code? Many thanks.
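/*
 * Load a client certificate and its private key from a PKCS#12 (.pfx) file
 * and attach both to an existing SSL handle before starting the handshake.
 *
 * `file`, `a_conn` and `sid` are declared outside this excerpt.
 * Any failure is reported on stderr and terminates the process.
 */
file="test.pfx";
int err=0;
printf("Init : %s \n", file);
PKCS12_lib_init();
ERR_load_crypto_strings();
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

/* Create the error sink first so every later failure path can use it. */
BIO *bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (bio_err == NULL) {
    fprintf(stderr, "cannot create error BIO\n");
    exit(1);
}

BIO *in = BIO_new(BIO_s_file());
if (in == NULL) {
    ERR_print_errors(bio_err);
    exit(1);
}
if (!file) {
    BIO_set_fp(in, stdin, BIO_NOCLOSE);
} else if (BIO_read_filename(in, file) <= 0) {
    perror(file);
    exit(1);
}

PKCS12 *p12 = d2i_PKCS12_bio(in, NULL);
/* The input BIO is only needed for decoding; release it on both outcomes. */
BIO_free(in);
in = NULL;
if (p12 == NULL) {
    ERR_print_errors(bio_err);
    exit(1);
}

EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
/*
 * NOTE(review): the passphrase is a literal in the source. Anything that can
 * read the binary or the repository can decrypt the .pfx; obtain it from a
 * protected source at run time instead.
 *
 * NOTE(review): the NULL last argument discards any CA certificates bundled
 * in the .pfx, so only the leaf certificate is available to send. Whether
 * that relates to the server's "untrusted or corrupt" reply cannot be
 * determined from this excerpt; that reply is produced by the server's own
 * trust evaluation of the issuing chain.
 */
err = PKCS12_parse(p12, "password", &pkey, &cert, NULL);
PKCS12_free(p12);
p12 = NULL;
if (!err) {
    /* PKCS12_parse returns 0 on failure (wrong passphrase, bad MAC, ...). */
    ERR_print_errors(bio_err);
    exit(1);
}
if (pkey == NULL || cert == NULL) {
    /* Without both halves there is nothing usable for client authentication. */
    fprintf(stderr, "%s: no private key or certificate found\n", file);
    exit(1);
}

/* Pointers need %p and a void* argument; %d is undefined behaviour here. */
printf("pkey : %p\n", (void *)pkey);
printf("cert : %p\n", (void *)cert);
/*
 * The private key is deliberately not dumped: printing it to stdout puts the
 * secret key material into terminals, pipes and log files. The certificate
 * is public and safe to print.
 */
X509_print_fp(stdout, cert);

/*
 * Install the certificate before the key, then verify that the two belong
 * together, so a mismatched pair is reported here rather than showing up
 * later as an unexplained handshake or server-side rejection.
 */
if (!SSL_use_certificate(a_conn->ssl, cert) ||
    !SSL_use_PrivateKey(a_conn->ssl, pkey) ||
    !SSL_check_private_key(a_conn->ssl))
{
    ERR_print_errors(bio_err);
    exit(1);
}
// ...
SSL_set_fd(a_conn->ssl,sid);
/* NOTE(review): the check of this return value is not visible in the excerpt. */
err=SSL_connect(a_conn->ssl);
// ...
// read
// write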
Regards, Andriy.