[stunnel-users] Stunnel-Openssl: Problems with certificate chain

Pietro Di Primo pietro.diprimo at ct.infn.it
Mon Mar 31 10:31:07 CEST 2008


Hi,
My name is Pietro Di Primo and I work on the INFN Grid project
(http://grid.infn.it/).
I'm trying to develop an application based on stunnel.
Everything works well when I use user certificates (signed by our CA), but
I need to use (on the client side) a particular proxy.
This proxy contains a public and a private key, and the public key of the
user that generated it (I attached a file with such a proxy).
On the server side I have the CA certificate but not the user's one, so I
can't verify the client (unable to get local issuer certificate).
I tried to get the user certificate using the SSL_get_peer_cert_chain
function on the server, but it returns NULL.
On the client side I tried SSL_CTX_use_certificate_chain_file.
I also tried to get a STACK_OF(X509) and use SSL_CTX_use_certificate (for
proxy certificate), and SSL_CTX_add_extra_chain_cert (to include the
user's certificate), but it still doesn't work.

Can you help me please?

Best Regards

-- 
---

Ing. Pietro Di Primo
INFN - Istituto Nazionale di Fisica Nucleare
Grid Computing Research Area
Via S. Sofia 78                     95123 CATANIA (Italy)
Voice  : +39 095 378-5446/5517
Fax.   : +39 095 378 5518
Mobile : +39 320 8591527
E-mail : pietro.diprimo at ct.infn.it
Skype  : pietrodiprimo
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: x509up_u537
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080331/1588bb3a/attachment.ksh>
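
Added example, not part of the original post and not stunnel or OpenSSL code: a C helper that splits a proxy file such as the attached x509up_u537 into the pieces the calls named in the post take, namely the first certificate (the proxy) for SSL_CTX_use_certificate, the private key, and every later certificate (the user's) for SSL_CTX_add_extra_chain_cert. The helper name split_proxy_bundle, the structs, the block order and the sample bundle are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CHAIN 8
/* Constructed sample: proxy cert, its key, then the user's cert; placeholder bodies. */
static const char SAMPLE[] =
    "-----BEGIN CERTIFICATE-----\nUFJPWFk=\n-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nS0VZ\n-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nVVNFUg==\n-----END CERTIFICATE-----\n";

struct pem_span { const char *p; size_t len; };  /* one PEM block, BEGIN to END */
struct proxy_bundle {
    struct pem_span leaf;              /* first CERTIFICATE block: the proxy cert */
    struct pem_span key;               /* first private key block */
    struct pem_span chain[MAX_CHAIN];  /* later CERTIFICATE blocks: user cert, ... */
    int n_chain;
};

/* Hypothetical helper, not an OpenSSL call. Returns 0 on success, -1 if a block is
 * malformed (END label differs from BEGIN), leaf or key is missing, or chain overflows. */
int split_proxy_bundle(const char *pem, struct proxy_bundle *out)
{
    const char *cur = pem;
    memset(out, 0, sizeof *out);
    while ((cur = strstr(cur, "-----BEGIN ")) != NULL) {
        const char *label = cur + 11;
        const char *label_end = strstr(label, "-----");
        const char *end = label_end ? strstr(label_end, "-----END ") : NULL;
        if (!end) return -1;
        size_t n = (size_t)(label_end - label);
        if (strncmp(end + 9, label, n) || strncmp(end + 9 + n, "-----", 5)) return -1;
        struct pem_span s = { cur, (size_t)(end + 9 + n + 5 - cur) };
        if (n == 11 && !strncmp(label, "CERTIFICATE", 11)) {
            if (!out->leaf.p) out->leaf = s;
            else if (out->n_chain < MAX_CHAIN) out->chain[out->n_chain++] = s;
            else return -1;
        } else if (n >= 11 && !out->key.p && !strncmp(label_end - 11, "PRIVATE KEY", 11)) {
            out->key = s;
        }
        cur = s.p + s.len;
    }
    return (out->leaf.p && out->key.p) ? 0 : -1;
}

int main(void)
{
    struct proxy_bundle b;
    int rc = split_proxy_bundle(SAMPLE, &b);
    printf("rc=%d chain certs to send after the leaf: %d\n", rc, rc ? 0 : b.n_chain);
    return rc ? 1 : 0;
}
```

A result with zero chain certificates means the client can present only the proxy certificate, which a server holding just the CA certificate cannot link back to that CA.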

