Hello,

My company is wishing to do communication to several (hundred) clients over the Internet and has selected SSL as the method of securing the data. I have successfully written an implementation using OpenSSL, however, my implementation uses no client certificate for authentication. We need to provide the clients with certificates and have the server do authentication on those certificates. I'm having trouble getting the client to send the server a certificate. I'm using Windows 2000, Borland C++Builder 5 and OpenSSL-0.9.6c.

Here's what I'm doing now on the client side: Once a SSL_CTX object has been created with SSL_CTX_new() and a SSL object has been created with SSL_new(), I call SSL_CTX_use_certificate_chain_file(), SSL_CTX_use_PrivateKey_file() and SSL_CTX_check_private_key(). All complete successfully.

On the server side, I call SSL_CTX_set_verify() using a callback function and SSL_VERIFY_PEER, SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE after the server-side SSL_CTX object has been created with SSL_CTX_new(). I've put a breakpoint on the callback function provided to SSL_CTX_set_verify() and it never gets called.

Here's what's happening with the server:

SSL_accept() returns -1 (SSL_get_error() returns SSL_ERROR_WANT_READ)
SSL_is_init_finished() returns 0 (SSL_get_error() returns SSL_ERROR_ZERO_RETURN)
SSL_do_handshake() returns 0 (SSL_get_error() returns SSL_ERROR_SSL)

which causes me to close the socket because the SSL handshake failed.

The serv.cpp program in the demos\ssl directory (modified to compile & run under Windows) always indicates that my client is not sending a certificate. Client and Server are always using the same .PEM certificate/private key file.

The cli.cpp file reports the following error when talking to my server:

1700:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:C:\Download\Source Code and Libraries\OpenSSL\openssl-0.9.6c\ssl\s2_pkt.c:427:

Joshua M. Kriegshauser
System Engineer
Kincaid Technologies, Inc.
[EMAIL PROTECTED]
(719) 785-2144

CONFIDENTIAL: The information contained in this e-mail message is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. Please notify sender of any error.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]