Question
How to convert an X509 * certificate to STACK_OF(X509_NAME)?
I need to pass this STACK_OF(X509_NAME) to the OpenSSL API ENGINE_load_ssl_client_cert.
Answer 1:
I need to pass STACK_OF(X509_NAME) to ENGINE_load_ssl_client_cert ...
You have not given us much to work with. It's not clear what your problem is, so it's hard to say what you should be doing differently.
Start tracing OpenSSL's code in <openssl src dir>/ssl/s3_clnt.c:
    int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
    {
        int i = 0;
    #ifndef OPENSSL_NO_ENGINE
        if (s->ctx->client_cert_engine) {
            i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
                                            SSL_get_client_CA_list(s),
                                            px509, ppkey, NULL, NULL, NULL);
            if (i != 0)
                return i;
        }
    #endif
        if (s->ctx->client_cert_cb)
            i = s->ctx->client_cert_cb(s, px509, ppkey);
        return i;
    }
As you can see, it takes a stack of X509, not X509_NAME. I've never spent any significant time working with the ENGINE code, so I'm not sure what happens next.
You might also be interested in STACK API on the OpenSSL wiki.
Finally, there are some other hits you may be interested in. I was kind of surprised to see there were no hits in one of the apps.
$ grep -IR ENGINE_load_ssl_client_cert *
crypto/engine/eng_err.c: "ENGINE_load_ssl_client_cert"},
crypto/engine/eng_pkey.c:int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
crypto/engine/engine.h:int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
ssl/s3_clnt.c: i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
util/libeay.num:ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE
Source: https://stackoverflow.com/questions/38655411/how-to-convert-x509-certificate-to-stack-ofx509-name