Hello everyone,
Does anyone have a working example of client code that uses client
certificates and sends POST requests, preferably in C++?

I wrote some code that works just fine when a server doesn't require a
client cert, but when a server is set to require them, I started to get
error 403.7.

I wrote my code on Solaris with OpenSSL 0.9.6.  I connect to an IIS server on
NT.
I got a client certificate from Equifax and I was able to verify that it's
valid by posting from Netscape and using the s_client utility.
So the problem is somewhere in my code.  So that's why I'd like to see some
examples of how others were able to deal with client certs to compare with
what I'm doing.
It would also be great if someone would be able to see if there is anything
wrong in the way I handle certs:

Here is how I set the cert in the CTX.  Later on, when I need to make a
connection, I open an SSL session and use SSL_read/write to talk to the
server.
I don't use BIO (should I?)

#include <openssl/ssl.h>
#include <openssl/err.h>

void
SSL_ContextWrapper::importCertFromFiles(const char* priv,
                                        const char* cert,
                                        int type)  // type is PEM
  throw (SSL_exception)
{
  int err = 0;
  char errorBuff[128];

  SSL_CTX_set_options(ctx, SSL_OP_ALL);

  // Load the client certificate into the context.
  err = SSL_CTX_use_certificate_file(ctx, cert, type);
  if (err != 1)
      throw SSL_exception(LOCATION, err,
                          VARconcat("Unable to get the cert %s",
                                    ERR_error_string(ERR_get_error(),
                                                     errorBuff)));

  // Load the private key that belongs to the certificate.
  err = SSL_CTX_use_PrivateKey_file(ctx, priv, type);
  if (err != 1)
      throw SSL_exception(LOCATION, err,
                          VARconcat("Unable to get private key <%s>",
                                    ERR_error_string(ERR_get_error(),
                                                     errorBuff)));

  // Confirm that the private key matches the loaded certificate.
  err = SSL_CTX_check_private_key(ctx);
  if (err != 1)
      throw SSL_exception(LOCATION, err,
                          VARconcat("Private key does not match the cert <%s>",
                                    ERR_error_string(ERR_get_error(),
                                                     errorBuff)));

  // Set the CA file (here the same file as the client cert) and the CA
  // directory used to verify the peer's certificate.
  err = SSL_CTX_load_verify_locations(ctx, cert,
                          "/export/home/openssl/openssl-0.9.6/certs");
  if (err != 1)
      throw SSL_exception(LOCATION, err,
                          VARconcat("Unable to load root cert <%s>",
                                    ERR_error_string(ERR_get_error(),
                                                     errorBuff)));
}

                    thanks a lot,
                         --Alex

