Hi,
I was looking at the code in
https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c
and realized I forgot to call ENGINE_ctrl_cmd(...) to set up
"LOAD_CERT_CTRL". However, when I do this, the callback function
is no longer being called during the mutual authentication
handshake. I'm wondering if I have the parameter
"cert_info.s_slot_cert_id" incorrectly configured. Here is what
my code looks like:
struct {
    const char *s_slot_cert_id;   /* object to load, passed to the engine as a string */
    X509 *cert;                   /* must be NULL on entry; the engine fills it in */
} cert_info;

cert_info.s_slot_cert_id = "a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45";
cert_info.cert = NULL;
ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &cert_info, NULL, 0);
SSL_CTX_use_certificate(sslContext, cert_info.cert);
I tried manually using LOAD_CERT_CTRL in the openssl shell but I
cannot seem to get it to work and cannot find any examples of
how to use it. Is the syntax for LOAD_CERT_CTRL correct? I am
using "LOAD_CERT_CTRL:<certificate Object ID>".
OpenSSL> engine -vvvv -t dynamic -pre "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll" -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll" -pre PIN:123456 -pre FORCE_LOGIN -pre "LOAD_CERT_CTRL:a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45"
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll
[Success]: PIN:123456
[Success]: FORCE_LOGIN
[Failure]: LOAD_CERT_CTRL:a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45
4196:error:260AB086:engine routines:ENGINE_ctrl_cmd_string:cmd not executable:.\crypto\engine\eng_ctrl.c:316:
Loaded: (pkcs11) pkcs11 engine
     [ available ]
     SO_PATH: Specifies the path to the 'pkcs11' engine shared library
          (input flags): STRING
     MODULE_PATH: Specifies the path to the PKCS#11 module shared library
          (input flags): STRING
     PIN: Specifies the pin code
          (input flags): STRING
     VERBOSE: Print additional details
          (input flags): NO_INPUT
     QUIET: Remove additional details
          (input flags): NO_INPUT
     LOAD_CERT_CTRL: Get the certificate from card
          (input flags): [Internal]
     INIT_ARGS: Specifies additional initialization arguments to the PKCS#11 module
          (input flags): STRING
     SET_USER_INTERFACE: Set the global user interface (internal)
          (input flags): [Internal]
     SET_CALLBACK_DATA: Set the global user interface extra data (internal)
          (input flags): [Internal]
     FORCE_LOGIN: Force login to the PKCS#11 module
          (input flags): NO_INPUT
OpenSSL>
I'm using the certificate object ID
"a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45"
for LOAD_CERT_CTRL. Is this right? (I also tried adding "0:" in
front of it to indicate slot 0, but that did not work either.)