[openssl-users] Getting certificates from smartcards
anirudhraghunath at rocketmail.com
Tue Jul 21 13:58:21 UTC 2015
Ah okay, that clears up quite a lot of doubts. But the certificate I want to load is a self-signed certificate which has a private key attached to it. I used the XCA application to export the certificate-private key pair as a p12 file to the smart card. What should I do to get the certificate in this case? Thanks.
On Tuesday, 21 July 2015 2:40 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
On Tue, Jul 21, 2015, Victor Wagner wrote:
> On Tue, 21 Jul 2015 06:58:24 +0000 (UTC)
> Anirudh Raghunath <anirudhraghunath at rocketmail.com> wrote:
> As far as I can understand, this function is designed to be called from
> the client certificate callback, set with function
> SSL_CTX_set_client_cert_cb. This callback gets pointer to SSL structure
> (which should be passed to ENGINE_load_ssl_client_cert) and can use
> SSL_get_client_CA_list to obtain list of CAs, which server would trust.
> (The SSL protocol allows this list to be sent to the client.)
It's intended to be called automatically when SSL_CTX_set_client_cert_engine
sets up a "client authentication ENGINE".
> So, you would pass to ENGINE_load_ssl_client_cert
> 1. reference to engine to use
> 2. pointer to SSL object of your client connection (don't know why it
> might be needed),
This is there so the ENGINE can query other properties of the connection which
might decide which chain to use. For example the supported signature
> Unfortunately, I do not know any engine which does all the things above.
> I've looked into source of OpenSC pkcs11 engine version 0.1.8 and found
> out that it doesn't support this function.
The CryptoAPI ENGINE performs some of these tasks but so far it is the only
one I'm aware of.
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org