<![CDATA[wolfSSL - Embedded SSL Library — external client certificate verification]]> https://www.wolfssl.com/forums/topic752-external-client-certificate-verification.html Wed, 06 Jan 2016 03:17:08 +0000 PunBB <![CDATA[Re: external client certificate verification]]> https://www.wolfssl.com/forums/post2369.html#p2369 We have the library to communicate with smart card.
The certificate verification requires signing the certificate DER data with the private key.
We can handle the signing process (implementing our call back function).

We are looking for the callback insertion point. Our callback function will take take care of signing the data.

Thanks.

]]> Wed, 06 Jan 2016 03:17:08 +0000 https://www.wolfssl.com/forums/post2369.html#p2369 <![CDATA[Re: external client certificate verification]]> https://www.wolfssl.com/forums/post2367.html#p2367 Hi,

wolfSSL currently only provides the functionality to load keys and certificates from files or memory buffers in either PEM or DER format.  We haven't yet ported wolfSSL into a smart card API, but could explore doing so on a consulting basis if desired.

Is this something that you would like to explore?

Best Regards,
Chris

]]> Tue, 05 Jan 2016 21:43:16 +0000 https://www.wolfssl.com/forums/post2367.html#p2367 <![CDATA[external client certificate verification]]> https://www.wolfssl.com/forums/post2365.html#p2365 Hi,
I am building an http client to connect to IIS which is configured to request client certificate.
The private key is stored in a smart card. The key should not leave SC. We can supply the .cer file to library, but can not suuply private key (pem/pfx/p12).
The application will be written for windows under VS and android (Java).

We can not use CSP.
HttpWebClient (C#) / HttpsURLConnection (Java) do not allow to verify X.509 cert externally (must have private key.)

How to use WolfSSL to accomplish this task.

Thanks.

]]> Fri, 01 Jan 2016 17:19:42 +0000 https://www.wolfssl.com/forums/post2365.html#p2365