Hello,

My company wishes to do by having the client send a certificate.  The
serv.cpp application in the demos/ssl directory has the capability of
reporting a client certificate, but it never reports one on my client.

Here's how the client connection is set up:
SSLeay_add_ssl_algorithms();
SSL_load_error_strings();
SSL_library_init();

sslctx = SSL_CTX_new( SSLv23_client_method() );
sock = socket(...);
ssl = SSL_new( sslctx );

SSL_CTX_use_certificate_chain_file( sslctx, file ); /* no error */
SSL_CTX_use_PrivateKey_file( sslctx, file, SSL_FILETYPE_PEM ); /* no error */
SSL_CTX_check_private_key( sslctx ); /* no error */

connect(sock, ...);

SSL_set_fd( ssl, sock ); /* no error */
SSL_connect( ssl ); /* fails with SSL_ERROR_WANT_READ because of non-blocking */

while( SSL_is_init_finished( ssl ) == 0 ) {
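  int ret = SSL_do_handshake( ssl );
  int err = SSL_get_error( ssl, ret );
  /* give up only on a real error, not on WANT_READ / WANT_WRITE */
  if( ret <= 0 && err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE ) {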
    close(sock);
    break;
  }
}
if( no error ) {
  // process data as necessary using SSL_read() and SSL_write()
}

What am I doing wrong in such that the client never sends a certificate?

Joshua M. Kriegshauser 
System Engineer 
Kincaid Technologies, Inc. 
[EMAIL PROTECTED] 
(719) 785-2144 