SSL_CTX_use_certificate_file doesn't support loading a client certificate. I have extended the tls_load_certificates function with client certificate parsing code, so the client certificate can now be used.
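/*
 * Append the parsed certificate `cert` to one of the context's two lists:
 * context->certificates when dummy == SSL_SERVER_RSA_CERT, otherwise
 * context->client_certificates.
 *
 * NOTE(review): every value of `dummy` other than SSL_SERVER_RSA_CERT selects
 * the client list. Confirm that existing callers which pass some other
 * constant in this argument still land in the list they expect.
 *
 * The array is grown through a temporary pointer so that a failed allocation
 * neither discards the existing list nor leads to a write through NULL.
 * Assumes TLS_REALLOC has realloc() semantics (NULL on failure, old block
 * left valid) - TODO confirm against its definition.
 */
if (dummy == SSL_SERVER_RSA_CERT) {
    struct TLSCertificate **grown = (struct TLSCertificate **)TLS_REALLOC(context->certificates, (context->certificates_count + 1) * sizeof(struct TLSCertificate *));
    if (grown) {
        context->certificates = grown;
        context->certificates[context->certificates_count] = cert;
        context->certificates_count++;
        DEBUG_PRINT("Loaded certificate: %i\n", (int)context->certificates_count);
    } else {
        /* NOTE(review): cert is not stored on this path. Release it and report
         * the failure the way the enclosing function does; that code is not
         * visible in this excerpt. */
        DEBUG_PRINT("Certificate list allocation failed (%i loaded)\n", (int)context->certificates_count);
    }
} else {
    struct TLSCertificate **grown = (struct TLSCertificate **)TLS_REALLOC(context->client_certificates, (context->client_certificates_count + 1) * sizeof(struct TLSCertificate *));
    if (grown) {
        context->client_certificates = grown;
        context->client_certificates[context->client_certificates_count] = cert;
        context->client_certificates_count++;
        DEBUG_PRINT("Loaded certificate: %i\n", (int)context->client_certificates_count);
    } else {
        /* NOTE(review): same ownership caveat as the server branch - cert is
         * left unreferenced by the context here. */
        DEBUG_PRINT("Client certificate list allocation failed (%i loaded)\n", (int)context->client_certificates_count);
    }
}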
I use SSL_CTX_use_certificate_file to load the client certificate and SSL_CTX_use_PrivateKey_file to load the key file.