[Vortex] How to use TLS with client cert?
Francis Brosnan Blazquez
francis at aspl.es
Mon Dec 24 12:29:33 CET 2007
> I want to use TLS to authenticate BEEP sessions. But I want the
> authentication to be bi-directional: each peer will use a [self-
> signed] cert, and each peer will check the other's cert. I know TLS
> supports this, though it's rarely used in a client-server world;
Sure, it is supported Jens...
> I'm having trouble getting it to work in Vortex.
> Out of the box, Vortex only seems to have the "server" (listener)
> a cert. I need to make the "client" send one too, that the listener
> can check.
That is, the default configuration provided only support server
authentication (only the listener provides a certificate, like https
> What I've done so far is to have the initiator call
> vortex_tls_set_default_ctx_creation, and the TLS context creation
> callback consists largely of a snippet copied out of Vortex's
> code that creates the context and adds the cert and private-key
> to it. Then after connecting, each side calls
> vortex_tls_get_peer_ssl_digest to identify its peer.
> The connection gets made OK, but I'm not sure that the "client"'s
> is being used, because on the listener side the SSL digest comes
> NULL. Any ideas?
> [I admit I'm a TLS and OpenSSL newbie. I've got an O'Reilly book on
> order, but it's not here yet.]
A useful order.
You are in the right direction, using the proper functions...
There is an example that does exactly what you are trying . It is the
documentation associated to the VortexTlsCtxCreation.
This is an initial piece because you must verify state after doing all
TLS voodo using a post checking (VortexTlsPostCheck) at the client
Francis Brosnan Blazquez <francis at aspl.es>
Advanced Software Production Line, S.L.
More information about the Vortex