Hi,
got a question about client certificates.
I am trying to implement a non-GUI client process which needs to use client
certificates for authentication.
Here's the environment:
- Verisign Class 1 client certificates for Netscape Communicator 4.04
- exported those using the SSLeay pkcs12 fix from Steve Henson (both encrypted
and non-encrypted private key versions) to .PEM format
- here's part of the code used to try to implement the client certificates
(NT-based tool):
    method = SSLv23_client_method();
    SSLeay_add_ssl_algorithms();
    ctx_client = SSL_CTX_new(method);
    SSL_CTX_set_default_verify_paths(ctx_client);
    ctx_client->default_passwd_callback =
        (int (*)())PEM_client_password_callback;
    con_client = (SSL *)SSL_new(ctx_server);
    SSL_set_fd(con, m_Socket);
    rc = SSL_CTX_use_certificate_file(ctx_client, cl_certificate,
                                      SSL_FILETYPE_PEM);
    rc = SSL_CTX_use_RSAPrivateKey_file(ctx_client, cl_keyfile,
                                        SSL_FILETYPE_PEM);
    ...

    static int PEM_client_password_callback(char *buf, int num, int w)
    {
        strcpy(buf, "mypassword");
        return (strlen(buf));
    }
The call to SSL_CTX_use_RSAPrivateKey_file always returns 0, which makes the
client authentication fail.
Does anyone have any idea what might be wrong?
Thanks in advance.
[EMAIL PROTECTED]
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
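A pre-flight check for the exported .PEM files described in the post, as an added example that is not part of the original message or of SSLeay: it reports which PEM blocks a file's text contains and whether the private key is encrypted, which is when the password callback is used. The function name `pem_inspect`, the flag names and the sample text are assumptions made for illustration; the sample body is a constructed placeholder, not key material.

```c
#include <stdio.h>
#include <string.h>

/* Flags returned by pem_inspect() (hypothetical names). */
enum { PEM_CERT = 1, PEM_RSA_KEY = 2, PEM_PKCS8_KEY = 4, PEM_ENCRYPTED = 8 };

static int line_is(const char *p, size_t n, const char *want)
{
    return n == strlen(want) && memcmp(p, want, n) == 0;
}

/* Scan PEM text line by line; text outside BEGIN/END markers is ignored. */
unsigned pem_inspect(const char *text)
{
    unsigned flags = 0, in_rsa = 0;   /* in_rsa: inside an RSA PRIVATE KEY block */
    while (*text) {
        const char *eol = strchr(text, '\n');
        size_t n = eol ? (size_t)(eol - text) : strlen(text);
        const char *next = eol ? eol + 1 : text + n;
        if (n && text[n - 1] == '\r') n--;          /* tolerate CRLF files */

        if (line_is(text, n, "-----BEGIN CERTIFICATE-----"))
            flags |= PEM_CERT;
        else if (line_is(text, n, "-----BEGIN RSA PRIVATE KEY-----")) {
            flags |= PEM_RSA_KEY; in_rsa = 1;       /* traditional RSA format */
        }
        else if (line_is(text, n, "-----BEGIN PRIVATE KEY-----"))
            flags |= PEM_PKCS8_KEY;                 /* PKCS#8, unencrypted */
        else if (line_is(text, n, "-----BEGIN ENCRYPTED PRIVATE KEY-----"))
            flags |= PEM_PKCS8_KEY | PEM_ENCRYPTED; /* PKCS#8, encrypted */
        else if (in_rsa && line_is(text, n, "Proc-Type: 4,ENCRYPTED"))
            flags |= PEM_ENCRYPTED;                 /* encrypted traditional key */
        else if (n >= 9 && memcmp(text, "-----END ", 9) == 0)
            in_rsa = 0;
        text = next;
    }
    return flags;
}

/* Constructed sample: an encrypted traditional RSA key with leading text. */
static const char SAMPLE_KEY[] =
    "Bag Attributes\r\n-----BEGIN RSA PRIVATE KEY-----\r\n"
    "Proc-Type: 4,ENCRYPTED\r\nDEK-Info: DES-EDE3-CBC,0000000000000000\r\n\r\n"
    "cGxhY2Vob2xkZXI=\r\n-----END RSA PRIVATE KEY-----\r\n";

int main(void)
{
    printf("flags=0x%x\n", pem_inspect(SAMPLE_KEY)); /* RSA key + encrypted */
    return 0;
}
```

Run against the certificate file and the key file separately: a key file whose result lacks both key flags holds no private key block at all.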