[Vortex] How to use TLS with client cert?

Jens Alfke jens at apple.com
Fri Dec 21 16:52:50 CET 2007

I want to use TLS to authenticate BEEP sessions. But I want the  
authentication to be bi-directional: each peer will use a [self- 
signed] cert, and each peer will check the other's cert. I know TLS  
supports this, though it's rarely used in a client-server world; but  
I'm having trouble getting it to work in Vortex.

Out of the box, Vortex only seems to have the "server" (listener) use  
a cert. I need to make the "client" send one too, that the listener  
can check.

What I've done so far is to have the initiator call  
vortex_tls_set_default_ctx_creation, and the TLS context creation  
callback consists largely of a snippet copied out of Vortex's listener  
code that creates the context and adds the cert and private-key files  
to it. Then after connecting, each side calls  
vortex_tls_get_peer_ssl_digest to identify its peer.

The connection gets made OK, but I'm not sure that the "client"'s key  
is being used, because on the listener side the SSL digest comes back  
NULL. Any ideas?

[I admit I'm a TLS and OpenSSL newbie. I've got an O'Reilly book on  
order, but it's not here yet.]



More information about the Vortex mailing list