Hi all,
 
Can someone provide me with a good example of how to handle client
authentication on an SSL connection? I've already taken a look at the
examples in the openssl distribution and they didn't help much.
 
In my code I'm doing the following:
 
1. Using openssl I've created a self-signed CA.
2. Afterwards, using this CA, I created two certificates:
    client_cert.pem with client_key.pem
    server_cert.pem with server_key.pem
 
3. Then I wrote the following code:
 
CLIENT:
  SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM);
  SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM);
  SSL_CTX_check_private_key(ctx);
 
in which CERTF = client_cert.pem and KEYF = client_key.pem
 
SERVER:
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, NULL);
 
    SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM);
    SSL_CTX_check_private_key(ctx);
    SSL_CTX_load_verify_locations(ctx, CAFILE, NULL);
    SSL_CTX_set_default_verify_paths(ctx);
    SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAFILE));
in which CERTF = server_cert.pem and KEYF = server_key.pem
 
I don't know what to put in CA_FILE...?
 
The server always responds that the client doesn't have a certificate...
 
 
What AM I DOING WRONG ???
 
 
Can someone help me?
 
 
Thanks in advance.
 
Best regards,
 
 
_____________________________________________________________
Carlos Serrão                          [EMAIL PROTECTED]
                                 http://adetti.iscte.pt/~cjcs
                                
DCTI - IS/IT Department        IS/IT Research and Development
ADETTI/ISCTE - Av.Forcas Armadas     1600-082 LISBOA Portugal
Tel.: +351217903064/+351217903901         Fax:  +351217935300
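
An added example, not part of the original post: it rebuilds the setup from steps 1 and 2 with the openssl CLI and runs the chain check a server applies to a client certificate, using the CA certificate as the trusted file (the kind of file `SSL_CTX_load_verify_locations` expects). The name `ca.pem`, the subject names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. File names follow the post; ca.pem, the subject names,
# the function names and the work directory are constructed assumptions.

# Issue <name>_cert.pem / <name>_key.pem in $1, signed by the CA in $1.
issue_cert() {
    dir=$1; name=$2; subj=$3
    openssl req -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$dir/${name}_key.pem" -out "$dir/${name}.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$dir/${name}.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca_key.pem" -CAcreateserial \
        -out "$dir/${name}_cert.pem" 2>/dev/null
}

# Steps 1 and 2 of the post: a self-signed CA, then client and server certs.
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca_key.pem" -out "$1/ca.pem" 2>/dev/null || return 1
    issue_cert "$1" client "/CN=example-client" || return 1
    issue_cert "$1" server "/CN=localhost"
}

# Chain check: does certificate $2 verify against the trusted CA file $1?
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage:
#   d=$(mktemp -d) && make_pki "$d"
#   chain_ok "$d/ca.pem" "$d/client_cert.pem" && echo "client cert chains to CA"
```

A client certificate issued by any other CA fails `chain_ok` against this `ca.pem`, which is the same outcome the server's peer verification produces during the handshake.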
 

 
