[omniORB] Mutual authentication for SSL in omniORB
Axelle Apvrille (LMC)
Axelle.Apvrille@ericsson.ca
Fri May 2 15:31:28 2003
Hi all,
I need SSL connections with mutual authentication of both client and
server side. This is not the default behaviour since one more often only
provides authentication of the server, and not of the client.
However, it's configurable. I seem to understand this can be done with
OpenSSL by using the SSL_CTX_set_verify and SSL_set_verify functions
using the flags SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_PEER.
How can I tell omniORB to initiate such connections? The SSL_echo
sample only shows how to initiate a default SSL connection: provide the
CA certificate and the key file.
I've been through omniORB's orbcore/ssl/sslContext.cc file, but I'm
unsure how I could achieve my mutual authentication. For instance, how
can I retrieve an SSL_CTX * or an SSL * before the actual handshake is done?
Regards
Axelle.