Provider implementation providing client certificates during TLS

Dear OpenSSL users,

I'm currently developing an OpenSSL provider (so I'm using OpenSSL versions 3.0 and newer, currently self-compiled 3.1.0-beta2-dev). One key feature of the provider will be providing client certificates (from my provider's store) to servers upon request during TLS.

I've implemented decoder, keymgmt, signature and store functionalities.

To quote the documentation of `SSL_CTX_set_client_cert_cb`: "When a certificate was set using the SSL_CTX_use_certificate(3) family of functions, it will be sent to the server." I've used `SSL_CTX_load_verify_store()` which I believe suffices.

Unfortunately none of my functions get called afterward when dealing with the client certificate. And by that I mean that my store isn't opened to see if I have matching certificates.

I've tried to circumvent this behavior with `SSL_CTX_set_client_cert_cb()` where I load the certificate and key manually, but to no avail. None of my implemented functions get called, and when looking at the stack trace I get lost really fast since there is some caching happening. I'm suspicious that my functions don't get called in this case because I have not implemented digest functionalities, since the last trace output I get is "Using client verify alg SHA2-256". (Although I get that output even when not using a custom client certificate callback.)

So my question is: What needs to be implemented/changed/called so OpenSSL will use certificates from my provider's store as client certificates?

Any help would be strongly appreciated.
Ladislav Marko



