I am working on a project to write a client program to connect to
a secure server using a client certificate issued by the server owner.
Below is a copy of the certificate (after it was converted from p12
to pem format). I am using code from the excellent book by Eric
Rescorla, like this:

    /* Load our keys and certificates */
    if( ! SSL_CTX_use_certificate_chain_file(ctx,keyfile) )
        BERR_EXIT(0,0,"Can't read certificate file");
    pass=password;
    SSL_CTX_set_default_passwd_cb(ctx,password_cb);
    if( ! SSL_CTX_use_PrivateKey_file(ctx,keyfile,SSL_FILETYPE_PEM) )
        BERR_EXIT(0,0,"Can't read key file");

The SSL_CTX_use_PrivateKey_file() call is failing with an error:

    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);

What am I doing wrong? Does OpenSSL support client certificates like this?
Thanks,
Brian Beuning
PS. Here is the client certificate. I have changed parts of it to ... for
potentially sensitive parts.
Bag Attributes: <Empty Attributes>
subject=/C=US/ST=Illinois/L=Chicago/O=...
issuer= /C=US/ST=Illinois/L=Chicago/O=...
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Bag Attributes: <Empty Attributes>
subject=/C=US/ST=Illinois/L=Chicago/O=...
issuer= /C=US/ST=Illinois/L=Chicago/O=...
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Bag Attributes
friendlyName: TUNA Test Client Certificate
localKeyID: 00 00 00 01
subject=/C=US/ST=Illinois/L=Chicago/O=...
issuer= /C=US/ST=Illinois/L=Chicago/O=...
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Bag Attributes
friendlyName: TUNA Test Client Certificate
localKeyID: 00 00 00 01
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,01964557C410413E
...
-----END RSA PRIVATE KEY-----
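
Added example, not part of the original post or of OpenSSL: SSL_CTX_use_certificate_chain_file() takes the first certificate in the file as the client's own, and SSL_CTX_use_PrivateKey_file() checks the key against it, while in the dump above the certificate sharing the key's localKeyID comes last. The sketch below reorders such a bundle using only the Bag Attributes text written by `openssl pkcs12` (it does not parse the certificates); the function names and the sample bundle are constructed for illustration.

```python
import re

ATTR = re.compile(r"\s*(localKeyID|subject|issuer)\s*[:=]\s*(.*?)\s*$")

def split_bundle(text):
    """Split the PEM output into blocks, each kept with its attribute text."""
    blocks, lines, info = [], [], {}
    for line in text.splitlines():
        lines.append(line)
        m = ATTR.match(line)
        if line.startswith("-----BEGIN "):
            info["label"] = line[len("-----BEGIN "):-len("-----")]
        elif line.startswith("-----END ") and "label" in info:
            info["text"] = "\n".join(lines) + "\n"
            blocks.append(info)
            lines, info = [], {}
        elif m and "label" not in info:   # attributes come before BEGIN
            info[m.group(1)] = m.group(2)
    return blocks

def leaf_first(text):
    """Reorder to: client certificate, its issuers in order, other certs, key."""
    blocks = split_bundle(text)
    keys = [b for b in blocks if b["label"].endswith("PRIVATE KEY")]
    certs = [b for b in blocks if b["label"] == "CERTIFICATE"]
    if len(keys) != 1 or "localKeyID" not in keys[0]:
        raise ValueError("need exactly one private key carrying a localKeyID")
    leaf = [c for c in certs if c.get("localKeyID") == keys[0]["localKeyID"]]
    if len(leaf) != 1:
        raise ValueError("no unique certificate shares the key's localKeyID")
    chain, remaining = leaf, [c for c in certs if c is not leaf[0]]
    while True:   # follow issuer -> subject links up towards the root
        issuer = chain[-1].get("issuer")
        nxt = [c for c in remaining if issuer and c.get("subject") == issuer]
        if not nxt:
            break
        chain.append(nxt[0])
        remaining.remove(nxt[0])
    return "".join(b["text"] for b in chain + remaining + keys)

# Constructed sample, client certificate last as in the post; bodies are placeholders.
SAMPLE = "".join(
    f"Bag Attributes\n{attrs}-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
    for attrs, label, body in [
        ("subject=/CN=Example CA\nissuer= /CN=Example CA\n", "CERTIFICATE", "ROOT"),
        ("subject=/CN=Example RA\nissuer= /CN=Example CA\n", "CERTIFICATE", "RA"),
        ("    localKeyID: 00 00 00 01\nsubject=/CN=client\nissuer= /CN=Example RA\n", "CERTIFICATE", "LEAF"),
        ("    localKeyID: 00 00 00 01\n", "RSA PRIVATE KEY", "KEY"),
    ]
)
```

Write the result of `leaf_first()` to the file passed as `keyfile`; the key check inside SSL_CTX_use_PrivateKey_file() remains the authoritative test that the first certificate and the key belong together.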