Good afternoon,
--
I am new to OpenSSL and SSL, so please excuse my poor knowledge.
We are using OpenSSL 1.0.2j as a third-party library in our software to establish SSL connections. We can be a server and/or a client.
We have a requirement to implement the Distinguished Name in the response received by the client. Hopefully I am ok.
To test the connectivity, I am using this command:
/opt/tibco/fp390hf1/3rdparty/linux/openssl/1.0.2j_x86_64/bin/openssl s_client -connect 192.168.127.146:9443 -cert /home/tibco/sslcerts/Certificates/client.pem -key /home/tibco/sslcerts/Keys/client_priv.key -CAfile /home/tibco/sslcerts/CA/trustedca.ca
In my software logs, I can see that the connection was accepted as below:
2022-01-18 11:55:58.115908|DEBUG|netmanca:5|drv|137707586761066:6|CONNECTION ACCEPTED from address <SSL:192.168.127.146:50534>
2022-01-18 11:56:01.214486|DEBUG|netmanca:10|drv|137707586761066:6|CONNECTION RECV <1> bytes received, data <
>
2022-01-18 11:56:01.214486|DEBUG|netmanca:10|drv|137707586761066:6|CONNECTION RECV <1> bytes received, data <
>
I took some tcpdump captures to analyze the data received from the client and the data sent back to the client. I can see that the Distinguished Name has a length of 0.
I apologize in advance for the question and the poor details. How can I set the value for the Distinguished Name in my SSL code?
Our client pointed us to the following RFC, but I am not sure I understand where to add this information in my code.
This information can be inserted during the TLS handshake, in the "certificate request" message, in the field "DistinguishedName".
See https://tools.ietf.org/html/rfc5246#page-53 7.4.4. Certificate Request
    opaque DistinguishedName<1..2^16-1>;

    struct {
        ClientCertificateType certificate_types<1..2^8-1>;
        SignatureAndHashAlgorithm
          supported_signature_algorithms<2^16-1>;
        DistinguishedName certificate_authorities<0..2^16-1>;
    } CertificateRequest;
Please let me know if you need further details from my side.
Thank you very much in advance for your help.
Best regards
Olivier GERMAIN
TIBCO Support
TIBCO software
18, rue du 4 Septembre
75002 Paris, France
Mobile : +33 6 45 30 23 31
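
Added example, not part of the original message and not OpenSSL code: a small C parser for the CertificateRequest body laid out in the RFC excerpt above, reporting whether certificate_authorities is empty, as observed in the tcpdump capture. The struct and function names and both sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Counts and byte lengths from a TLS 1.2 CertificateRequest body (RFC 5246, 7.4.4). */
struct cert_request_info { size_t n_cert_types, sigalgs_len, ca_list_len, n_dns; };

/* Constructed samples: empty CA list, and one DER Name (CN=Test CA). */
static const uint8_t sample_empty_ca[] = {3, 1, 2, 64, 0, 2, 4, 1, 0, 0};
static const uint8_t sample_one_ca[] = {3, 1, 2, 64, 0, 2, 4, 1, 0, 22, 0, 20,
    0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07,
    'T', 'e', 's', 't', ' ', 'C', 'A'};

/* Read a big-endian 16-bit length at *off; reject it if it overruns len. */
static int read_u16(const uint8_t *b, size_t len, size_t *off, size_t *v)
{
    if (len - *off < 2) return -1;
    *v = ((size_t)b[*off] << 8) | b[*off + 1];
    *off += 2;
    return (*v <= len - *off) ? 0 : -1;
}

/* Parse the body after the 4-byte handshake header; 0 on success, -1 if malformed. */
int parse_cert_request(const uint8_t *b, size_t len, struct cert_request_info *out)
{
    size_t off, end, dn_len;
    if (len < 1 || b[0] < 1 || (size_t)b[0] > len - 1) return -1;
    out->n_cert_types = b[0];                   /* certificate_types<1..2^8-1> */
    off = 1 + (size_t)b[0];
    if (read_u16(b, len, &off, &out->sigalgs_len) != 0) return -1;
    if (out->sigalgs_len % 2 != 0) return -1;   /* two bytes per algorithm */
    off += out->sigalgs_len;
    if (read_u16(b, len, &off, &out->ca_list_len) != 0) return -1;
    end = off + out->ca_list_len;
    if (end != len) return -1;                  /* trailing bytes are an error */
    for (out->n_dns = 0; off < end; out->n_dns++) {
        /* each entry is opaque DistinguishedName<1..2^16-1> */
        if (read_u16(b, end, &off, &dn_len) != 0 || dn_len == 0) return -1;
        off += dn_len;
    }
    return 0;
}

int main(void)
{
    struct cert_request_info i = {0};
    int rc = parse_cert_request(sample_one_ca, sizeof sample_one_ca, &i);
    printf("rc=%d ca_list_len=%zu dns=%zu\n", rc, i.ca_list_len, i.n_dns);
    return rc != 0;
}
```

In OpenSSL 1.0.2 a server fills this field from the CA name list set with SSL_CTX_set_client_CA_list(), which SSL_load_client_CA_file() can build from a PEM file; with no list set, the field is sent with length 0.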