Thanks Kyle

Just want to make sure I understand: this I will do on the server side.
But on the client side, I still need to upload the certificate to an X509 struct or give a path to a file, right?
Is there a function that uploads my certificate - as client -

The code below is for the client to upload the server certificate for authentication.
Now I want to upload my certificate in order for the server to verify it. (All on the client side)

----- Original Message -----
From: "Kyle Hamilton" <aerow...@gmail.com>
To: openssl-dev@openssl.org
Sent: Monday, January 5, 2009 12:01:44 PM (GMT+0200) Auto-Detected
Subject: Re: Mutual Authentication

SSL_get_peer_certificate(3ssl), SSL_get_peer_cert_chain(3ssl) will get
the certificate and certificate chain, respectively.

To control the verification process, you can use SSL_set_verify(3ssl)
and/or SSL_CTX_set_verify(3ssl). Note that the server must present a
certificate if it wants to ask for the client certificate;
SSL[_CTX]_set_verify() is necessary to actually ask the client for its
certificate.

If you want to implement your own verification function, be careful.
It's very easy to get it wrong.

-Kyle H

On Mon, Jan 5, 2009 at 1:24 AM, Itay Dagan <i...@yoggie.com> wrote:
> Hi Guys
> I have a question about Mutual authentication.
> After big help from your side (Thanks Shahin and Patrick) I succeeded to
> upload the server certificate from memory
> and it works great verifying the server certificate
>
> in the second phase
> I configure my server to verify client certificate.
> I am trying now to do the same for my certificate (Client). (upload from
> memory)
>
>
> My Q is :
>
> should I do the same with the client certificate ?
> Is there an open-ssl function/struct that gets the client certificate ?
>
> Thank you very much for your help.
>
> Itay
>
>
> (I added the code I used - adding my server certificate from memory) - I am
> using CURL-lib here
> *****************************************************************************
> #include <curl/curl.h>
> #include <openssl/pem.h>
> #include <openssl/ssl.h>
> #include <openssl/x509.h>
>
> extern char buf[];  // PEM text of the server certificate, defined elsewhere
>
> CURLcode ssl_ctx(CURL *curl, void *sslctx, void *parm)
> {
>     X509_STORE *store;
>     X509 *cert = NULL;
>     BIO *bio;
>     char *mypem = buf;
>
>     // get a BIO
>     bio = BIO_new_mem_buf(mypem, -1);
>     if (bio == NULL)
>         return CURLE_OUT_OF_MEMORY;
>
>     // use it to read the PEM formatted certificate from memory into an X509
>     // structure that SSL can use
>     PEM_read_bio_X509(bio, &cert, 0, NULL);
>     BIO_free(bio);
>     if (cert == NULL)
>         return CURLE_ABORTED_BY_CALLBACK;
>
>     // get a pointer to the X509 certificate store (which may be empty!)
>     store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
>
>     // add our certificate to this store
>     if (X509_STORE_add_cert(store, cert) == 0) {
>         X509_free(cert);
>         return CURLE_ABORTED_BY_CALLBACK;
>     }
>     X509_free(cert);  // the store keeps its own reference
>
>     // all set to go; libcurl treats any nonzero return as an error
>     return CURLE_OK;
> }
>
> *******************************************************************************
> Thanks
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org