如何在Openssl中为客户端实现相互身份验证? [英] How to implement mutual authentication for client in Openssl?

问题描述

相互身份验证需要执行哪些函数调用?我进行了很多搜索，但没有发现任何有用的信息.

What function calls do I need to do for mutual authentication ? I have searched a lot, but didn't find anything useful.

有人可以帮助我这样做吗?

Can anybody help me doing this ?

推荐答案

您正在寻找的函数调用是 SSL_set_verify() 系列.在服务器端，指定SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT需要有效的客户端证书.在客户端，只需SSL_VERIFY_PEER.

The function calls you are looking for are the SSL_set_verify() family. On the server side, specifying SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT requires a valid client certificate. On the client side, just SSL_VERIFY_PEER is needed.

双方还必须确保在其指定的密码列表中不允许使用匿名密码(设置为

Both sides must also ensure that anonymous ciphers are not allowed in their specified cipher list (set with SL_CTX_set_cipher_list()).

这篇关于如何在Openssl中为客户端实现相互身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！