[stunnel-users] Stunnel and CryptoAPI

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Mon Aug 15 10:06:34 CEST 2011


On Mon, 2011-08-15 09:15:32 +0200, ratmahat at hush.ai wrote:
> Hello everyone!
> I have an interesting question, which i didn't find any answer to 
> after several searches.
> 1. What if I want to enable client verification with client 
> certificate provided by smart card? Is it possible?

Yes, this is possible as stunnel uses openSSL, which supports smart
cards or crypto tokens via plugins.

Look for 'engine' and 'engineCtrl' configuration options for
stunnel. There's even an example in the stunnel man page (so I'm
surprised you didn't find out yourself).

> 2. Does stunnel has the capability to access Windows certificate 
> store in order to verificate the client certificate with the CA in 
> the store?

As far as I remember, Michał found out recently (end of last year),
there is support for the windows certificate store in openSSL. I don't
know if there are/were changes to stunnel necessary for using this
feature.

HTH,

Ludolf

-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------




More information about the stunnel-users mailing list