On Thu, May 16, 2002 at 09:31:19PM +0900, Kin Jun wrote:
> I am a beginner in OpenSSL. I am trying to realize client authentication
> with SSL library in my application.
>
> I suceeded in sending to a server by using .PEM file as follows:
> SSL_CTX_use_certificate_file(ctx, MyClient.pem, SSL_FILETYPE_PEM);
> SSL_CTX_use_RSAPrivateKey_file(ctx, MyPrivateKey.pem,
> SSL_FILETYPE_PEM);
>
> Now , I try to use pkcs12 format certificate file to access to the
> server.
> But in the OpenSSL document , there are a lot of information like this:
> "....The certificates must be in PEM format.... "
>
> What! How about pkcs12 ?
> My question is : How to use pkcs12 format certificates in SSL functions
> for client authentication?
> --Is OpenSSL library not supporting pkcs12 format for client
> authentication?
> --Which function can be used for the above purpose? and How to do
> it?
The OpenSSL library uses keys/certificates that have to be stored into the
corresponding data structures before performing the handshake.
You already found the functions to achieve this from PEM-format files.
The OpenSSL library also supports handling of PKCS12 style data.
Unfortunately, no documentation has yet been written in that regard,
so that I can only recommend you to read the apps/pkcs12.c file and
the contents of the crypto/pkcs12/ directory. Probably this way is not
very beginner friendly.
I am not aware of any OpenSSL based application that could be used as
an example. (That doesn't mean that there isn't one, it only means that
I don't know one; maybe somebody on this list does.)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
