Need help - Client Authentication

Jason Qian jason.qian at cloud.com
Fri Mar 8 15:38:53 UTC 2024


Hi,

I am working on a TLS server that requires client authentication.
SSL version: OpenSSL 1.1.1n

I have the following calls (server):

const SSL_METHOD* method = TLSv1_2_server_method();
SSL_CTX * _ctx = SSL_CTX_new(method);

...

SSL_CTX_use_certificate_file(_ctx, CertificateFile.c_str(), SSL_FILETYPE_PEM);
SSL_CTX_set_default_passwd_cb_userdata(_ctx, (void*)TLS_KEY_PASSWD);
SSL_CTX_use_PrivateKey_file(_ctx, PrivateKeyFile.c_str(), SSL_FILETYPE_PEM);
SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
SSL_CTX_load_verify_locations(_ctx, TLS_CA_FILE, NULL);
SSL_CTX_set_client_CA_list(_ctx, SSL_load_client_CA_file(TLS_CA_FILE));
....
SSL * _ssl = SSL_new(_ctx);
SSL_set_fd(_ssl, conn);
SSL_accept(_ssl);

The server seems to work fine. My question is regarding
"SSL_CTX_set_default_passwd_cb_userdata".
Do I need to set the password? I tried with/without the call and all seemed
to work fine.


Thanks for your help,
Jason
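
Added example, not part of the original post and not OpenSSL code: the passphrase supplied through SSL_CTX_set_default_passwd_cb_userdata is only consulted when the PEM private key is encrypted, so this stand-alone C helper classifies a key file by its PEM header to show which case applies. The enum, function and sample names are hypothetical, and the sample keys are constructed headers with placeholder bodies.

```c
#include <stdio.h>
#include <string.h>

/* Kinds of PEM private key; these names belong to this example only. */
enum pem_key_kind {
    PEM_KEY_NONE,            /* no private key block found */
    PEM_KEY_PLAIN,           /* unencrypted: no passphrase is ever requested */
    PEM_KEY_ENC_TRADITIONAL, /* "Proc-Type: 4,ENCRYPTED" header after BEGIN */
    PEM_KEY_ENC_PKCS8        /* "BEGIN ENCRYPTED PRIVATE KEY" block */
};

/* Constructed samples: headers only, the key bodies are placeholders. */
static const char SAMPLE_PLAIN[] =
    "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n";
static const char SAMPLE_TRADITIONAL[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,PLACEHOLDER\n\nPLACEHOLDER\n"
    "-----END RSA PRIVATE KEY-----\n";

enum pem_key_kind classify_pem_key(const char *pem)
{
    const char *p = pem;
    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *label = p + 11;              /* text after "-----BEGIN " */
        const char *end = strstr(label, "-----");
        if (end == NULL)
            return PEM_KEY_NONE;
        size_t len = (size_t)(end - label);
        p = end + 5;
        /* Skip blocks that are not private keys, e.g. CERTIFICATE. */
        if (len < 11 || strncmp(end - 11, "PRIVATE KEY", 11) != 0)
            continue;
        if (len == 21 && strncmp(label, "ENCRYPTED PRIVATE KEY", 21) == 0)
            return PEM_KEY_ENC_PKCS8;
        while (*p == '\r' || *p == '\n')         /* move to the next line */
            p++;
        if (strncmp(p, "Proc-Type: 4,ENCRYPTED", 22) == 0)
            return PEM_KEY_ENC_TRADITIONAL;
        return PEM_KEY_PLAIN;
    }
    return PEM_KEY_NONE;
}

int main(void)
{
    printf("plain=%d traditional=%d\n", classify_pem_key(SAMPLE_PLAIN),
           classify_pem_key(SAMPLE_TRADITIONAL));
    return 0;
}
```

A result of PEM_KEY_PLAIN means the key loads identically with or without the passphrase userdata; either encrypted result means the load depends on it.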