I'm having problems with my client and server exchanging certificates. Both
are set up as client/server. Both self-signed certificates were generated by
openssl using similar parameters.

The client has no problems getting the server certificate but the server
cannot get the client certificate. What am I doing wrong here?

 // Server code (error handling and cleanup removed):

 SSL_METHOD * meth;
 SSL_CTX * ctx;
 SSL * ssl;
 X509 * client_cert;

 SSL_load_error_strings();
 SSLeay_add_ssl_algorithms();

 meth = SSLv23_method();  // Setup combined client and server method
 ctx  = SSL_CTX_new(meth);

 SSL_CTX_use_certificate_file(ctx, "mycert.pem", SSL_FILETYPE_PEM);
 SSL_CTX_use_PrivateKey_file(ctx, "mycert.pem", SSL_FILETYPE_PEM);

 ssl = SSL_new(ctx);

 SSL_set_fd(ssl, sock); // sock is connected to client

 SSL_accept(ssl);

 // SSL_get_peer_certificate() fails (ssl->session->peer is NULL)

 client_cert = SSL_get_peer_certificate(ssl);

 // End of server code

 // Client code (error handling and cleanup removed):
 // Socket sd is connected to server at this point.
 // All function calls succeed.

 SSL_CTX * ctx;
 SSL * ssl;
 X509 * server_cert;
 SSL_METHOD * meth;

 SSLeay_add_ssl_algorithms();

 meth = SSLv23_method(); // Setup combined client and server method

 SSL_load_error_strings();

 ctx = SSL_CTX_new(meth);

 SSL_CTX_use_certificate_file(ctx, "clcert.pem", SSL_FILETYPE_PEM);
 SSL_CTX_use_PrivateKey_file(ctx, "clcert.pem", SSL_FILETYPE_PEM);
 SSL_CTX_check_private_key(ctx);

 ssl = SSL_new(ctx);

 SSL_set_fd(ssl, sd);

 SSL_connect(ssl);

 server_cert = SSL_get_peer_certificate(ssl);

 X509_free(server_cert);

 // Everything works ok client side apart from not getting the
 // certificate across to the server.

Thanks,

Jan
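A runnable illustration of the behaviour described in the post, added here as an example and not code from the original message: Python's standard-library ssl module wraps OpenSSL, and a server context's verify_mode maps onto SSL_CTX_set_verify(), so the same handshake is run twice over a loopback socket pair, once with the server default (no client certificate requested, which is the situation in the post) and once with the equivalent of SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT. It assumes the openssl CLI is on PATH to create two constructed self-signed certificates (named mycert and clcert after the files in the post).

```python
import os
import socket
import ssl
import subprocess
import tempfile
import threading

def make_self_signed(directory, name):
    """Constructed test material: a self-signed cert and key made with the
    openssl CLI (assumed on PATH), standing in for mycert.pem / clcert.pem."""
    crt = os.path.join(directory, name + ".crt")
    key = os.path.join(directory, name + ".key")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", "/CN=" + name, "-keyout", key, "-out", crt],
                   check=True, capture_output=True)
    return crt, key

def peer_common_name(request_client_cert):
    """Run one TLS handshake over a loopback socket pair and return the CN the
    server sees via SSL_get_peer_certificate(), or None if no client cert came."""
    with tempfile.TemporaryDirectory() as d:
        srv_crt, srv_key = make_self_signed(d, "mycert")
        cli_crt, cli_key = make_self_signed(d, "clcert")
        server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # default verify_mode: CERT_NONE
        server.load_cert_chain(srv_crt, srv_key)
        if request_client_cert:
            # CERT_REQUIRED == SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Only with
            # SSL_VERIFY_PEER set does the server send a CertificateRequest; a TLS client
            # never volunteers its certificate unless asked.
            server.verify_mode = ssl.CERT_REQUIRED
            server.load_verify_locations(cli_crt)  # self-signed: the cert is its own anchor
        client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies the server by default
        client.check_hostname = False                     # constructed cert has no SAN
        client.load_verify_locations(srv_crt)
        client.load_cert_chain(cli_crt, cli_key)          # loaded, exactly as in the post
        srv_sock, cli_sock = socket.socketpair()
        seen = {}

        def serve():
            with server.wrap_socket(srv_sock, server_side=True) as s:  # SSL_accept()
                seen["cert"] = s.getpeercert()  # None <=> ssl->session->peer == NULL

        t = threading.Thread(target=serve)
        t.start()
        with client.wrap_socket(cli_sock):  # SSL_connect(); the server cert always arrives
            t.join()                        # keep our end open until the server is done
        cert = seen["cert"]
        return None if cert is None else \
            dict(attr for rdn in cert["subject"] for attr in rdn)["commonName"]
```

The C equivalent on the server side is SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL) plus SSL_CTX_load_verify_locations() for the client's self-signed certificate, both before SSL_accept(); without SSL_VERIFY_PEER the server never sends a CertificateRequest, so ssl->session->peer stays NULL regardless of what the client has loaded.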
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]