Getting certificates from smartcards

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 21, 2015, Victor Wagner wrote:

> On Tue, 21 Jul 2015 06:58:24 +0000 (UTC)
> Anirudh Raghunath <anirudhraghunath at rocketmail.com> wrote:
> 
> As far as I can understand, this function is designed to be called from
> the client certificate callback, set with function
> SSL_CTX_set_client_cert_cb. This callback gets pointer to SSL structure
> (which should be passed to ENGINE_load_ssl_client_cert) and can use
> SSL_get_client_CA_list to obtain list of CAs, which server would trust.
> (SSL protocol allows to send this list to client).
> 

It's intended to be called automatically when SSL_CTX_set_client_cert_engine
sets up a "client authentication ENGINE".

> So, you would pass to the ENGINE_load_ssl_client_certs
> 
> 1. reference to engine to use
> 2. pointer to SSL object of your client connection (don't know why it
> might be needed), 

This is there so the ENGINE can query other properties of the connection which
might decide which chain to use. For example the supported signature
algorithms.

> 
> Unfortunately, I do not know any engine which does all the things above.
> I've looked into source of OpenSC pkcs11 engine version 0.1.8 and found
> out that it doesn't support this function.
> 

The CrytpoAPI ENGINE performs some of these tasks but so far it is the only
one I'm aware of.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux