tags:

views:

8

answers:

1
Q: 

OpenSSL SSL_CTX_use_PrivateKey_file with Windows certificate store

Hi, I have a native C++ library which uses OpenSSL for TLS. It reads the private key using SSL_CTX_use_PrivateKey_file and everything is fine,

Then I created a C# wrapper which reads the certificates from Windows certificate store according to certain OIDs and the subject name. And here is the problem - I might get more than one certificate. How can I deal with that? Try all of them?

Is it possible to hold more than one private key in a PEM file?

Thank you very much.

A: 

You can only present one certificate to the client (well, you can present an entire certificate chain, but that's a different thing - there's still only one server certificate in the end). So you'll have to figure out a way to choose just one - perhaps choosing the one with the latest expiry date makes sense?

caf  2010-07-14 14:01:22
That was what I thought. Thank you!
IUnknownPointer  2010-07-15 09:15:58

related questions

OpenSSL and generating CSRs at client side
Encrypting data in Cocoa, decoding in PHP (and vice versa)
SSCrypto/OpenSSL to C# Crypto
How do you test a public/private keypair?
Python memory debugging with GDB
Programmatically Create X509 Certificate using OpenSSL
Understanding engine initialization in OpenSSL
Net::SSLeay post_https compilation error: Too many arguments
Opening an RSA private key from Ruby
How can I parse a Certificate Signing Request with Perl?
How to deploying a self signed SSL certificate to multiple servers
Building libcurl with SSL support on Windows
Self Signed Certificate in Windows without makecert?
"CURLE_OUT_OF_MEMORY" error when posting via https
How would you test an SSL connection?
Crypto/x509 certificate parsing libraries for Python (pyOpenSSL vs Python OpenSSL Wrappers vs...)
Strange call stack, could it be problem in asio's usage of openssl?
Is it a problem if multiple different accepting sockets use the same OpenSSL context?
Ruby on Rails: no such file to load -- openssl on RedHat Linux Enterprise
Using openssl what does "unable to write 'random state'" mean?
Using openssl encryption with Java
C# utility to create a CA
Easy expanation of setting up Openssl on Windows.
Getting ASN.1 Issuer strings from PEM files?
What Certificate Authority Software is Available?