Re: c-client support for client certificates?

[Mark Crispin]

No, c-client does not have any support for SSL client certificates.
The [GS]ET_SSLCERTIFICATEQUERY mail_parameter() callback routine is used 
to allow the application a chance to decide whether to proceed or abort if 
the *server* certificate fails validation.

On Thu, 24 Feb 2005, Kevin P. Fleming wrote:
Is there any way currently to get c-client to accept a client certificate 
(PEM-encoded string representation) and pass it along when OpenSSL asks for 
it during the TLS negotiation?
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.

c-client support for client certificates?

[Kevin P. Fleming]

I'm trying to build up a Horde/IMP installation secured by using SSL 
certificates on both sides (server and client). I have no trouble using 
the client cert to authenticate to Horde, and I have no trouble using 
the client cert to authenticate _directly_ to Cyrus IMAP (which is 
obviously my IMAP backend). I'm running all this on Linux, using 
OpenSSL, and the IMAP toolkit was built using "make slx" with SSLTYPE 
set to unix.nopwd.

What I cannot do (yet) is get IMP to pass the certificate it received 
from Apache along as part of the TLS negotiation when it tries to 
connect to the IMAP server. IMP uses the PHP imap extension, which in 
turn uses c-client (and yes, I'm running the latest c-client and PHP).

The documentation on c-client is sparse... but I do see a mail_parameter 
setting for SSLCERTIFICATEQUERY. I cannot find any docs or examples that 
would show me what this is for, though, so I figured I'd ask here.

Is there any way currently to get c-client to accept a client 
certificate (PEM-encoded string representation) and pass it along when 
OpenSSL asks for it during the TLS negotiation?
--
--
For information about this mailing list, and its archives, see: 
http://www.washington.edu/imap/c-client-list.html
--