[openssl-users] Openssl backend for glib

Ignacio Casal ignacio.casal at nice-software.com
Mon Aug 24 12:41:00 UTC 2015


Hey guys,

I am currently working on an openssl backend for glib and I got to a point
where I am blocked and maybe you can help me understand what I am doing
wrong.

First of all the source code can be found here:
https://github.com/nice-software/glib-networking/tree/wip/openssl

The problem is the following: in one of our unit tests we require a specific
authentication, meaning that I end up calling SSL_set_verify, as you can see
here:
https://github.com/nice-software/glib-networking/blob/wip/openssl/tls/openssl/gtlsserverconnection-openssl.c#L127

This should make the server require the client to send the certificate, but
for some reason this certificate is never sent and I end up having an error
when handshaking.

I was reading that I can just simply set the certificate callback as I do
here:
https://github.com/nice-software/glib-networking/blob/wip/openssl/tls/openssl/gtlsclientconnection-openssl.c#L437

This callback gets called and I set the certificate, but after adding some
debugging to openssl's code I keep seeing that the server does not
get the certificate.

Here is an extract of the printfs I added to the openssl code. Any ideas?

server, accept
server, get client hello: 1
server, send server hello: 1
server, send server cert: 1
server, send cert request: 1
connect1
get server hello: 1
get key exchange: 1
get cert request: 1
get server done: 1
do client cert cb: 1
do client cert cb2: 1
do client cert cb4: 1
do client cert cb do write
send client cert: 1
send client key exchange: 1
send client verify: 1
change cipher spec: 1
send finished: 1
server, check client hello: 1
server, get client cert: -1
server, accept2: -1
finish not ok
get finsihed: 0
connect2: 0


Cheers.


-- 
Ignacio Casal Quinteiro