How to implement mutual authentication for client in OpenSSL?
Problem description
What function calls do I need to do for mutual authentication? I have searched a lot, but didn't find anything useful.
Can anybody help me do this?
Recommended answer
The function calls you are looking for are the SSL_set_verify() family. On the server side, specifying SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT requires a valid client certificate. On the client side, just SSL_VERIFY_PEER is needed.
Both sides must also ensure that anonymous ciphers are not allowed in their specified cipher list (set with SSL_CTX_set_cipher_list()).