[Vortex] How to use TLS with client cert?
jens at apple.com
Fri Dec 21 16:52:50 CET 2007
I want to use TLS to authenticate BEEP sessions. But I want the
authentication to be bi-directional: each peer will use a [self-
signed] cert, and each peer will check the other's cert. I know TLS
supports this, though it's rarely used in a client-server world; but
I'm having trouble getting it to work in Vortex.
Out of the box, Vortex only seems to have the "server" (listener) use
a cert. I need to make the "client" send one too, that the listener
What I've done so far is to have the initiator call
vortex_tls_set_default_ctx_creation, and the TLS context creation
callback consists largely of a snippet copied out of Vortex's listener
code that creates the context and adds the cert and private-key files
to it. Then after connecting, each side calls
vortex_tls_get_peer_ssl_digest to identify its peer.
The connection gets made OK, but I'm not sure that the "client"'s key
is being used, because on the listener side the SSL digest comes back
NULL. Any ideas?
[I admit I'm a TLS and OpenSSL newbie. I've got an O'Reilly book on
order, but it's not here yet.]
More information about the Vortex