[openssl-users] Problems on authentication during TLS handshake
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Jan 8 08:05:28 UTC 2019
On Mon, Jan 07, 2019 at 11:43:47PM -0800, Jin Xie wrote:
[ Going forward, please try to post plain-text with regular spaces,
rather than Unicode non-breaking spaces. ]
> // load client-side cert and key, signed by intermediate cert
> SSL_CTX_use_certificate_file(m_ctx, ClientCertificateFileTest, SSL_FILETYPE_PEM);
>
> // no need anymore because no way to extract private key
> // SSL_CTX_use_PrivateKey_file(m_ctx, ClientPrivateKeyFileTest, SSL_FILETYPE_PEM);
Your problem is here, you can't skip loading some form of private
key handle. OpenSSL 1.1.1 provides an SSL_CTX_use_cert_and_key()
function, which allows the private key to be passed as NULL, in which
case it will use the public key as a stand-in for the missing private
key. All the relevant functions are in ssl/ssl_rsa.c, if you are
willing to read the source code to find the most suitable interface.
If you're using 1.1.0 or 1.0.2 there is probably another way, but
I don't know it off-hand.
--
Viktor.