<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
Hi,<br>
<br>
I'm new to OpenSSL and am trying to set up mutual authentication
in a client. The client is set up with OpenSSL 1.0.2u, and the
client's certificate + private key are stored on a Smart Card. When
the client receives a certificate request from the server during the
mutual authentication handshake, the OpenSSL <i>client_cert_cb</i>
callback function is automatically invoked. The problem is that <i>client_cert_cb</i>
requires a private key. Unfortunately, it is not possible to get a
private key from a Smart Card. Is there a way to send a certificate
to the server without needing the private key?<br>
<br>
I'm setting up the callback function with:<br>
<br>
<font size="+1" face="monospace">void
SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL
*ssl, X509 **x509, EVP_PKEY **pkey));</font><br>
<br>
<br>
Here is a sample of what my code looks like when I set this up:<br>
<br>
<font size="+1" face="monospace">SSL_CTX_set_client_cert_cb(context,
<b>openSSLClientAuthenticationCallBack</b>);<br>
<br>
int <b>openSSLClientAuthenticationCallBack</b>(SSL *ssl, X509
**x509, EVP_PKEY **pkey)<br>
{<br>
. . .<br>
}<br>
</font><br>
<br>
I can access the Smart Card using the PKCS#11 interface and I'm able
to get the certificate and sign it, etc. However, I cannot get the
actual private key from the Smart Card.<br>
<br>
Does anyone know how I can get around this problem?<br>
<br>
<br>
Thanks,<br>
George<br>
<br>
</body>
</html>