A simple example program that demonstrates two-way authentication between a client and the server.
There are a couple of things to be noted here:
- Hostname verification is not performed. If you want to perform it, you should take a look at this repository.
- Don't plug this code directly into multi-threaded applications; you need to call some additional routines so that the OpenSSL routines become reentrant.
- You can generate the keys by looking at this gist or by using the included script certs_gen.sh (Unix based OS).
Requirements:
- Any decent C compiler
- OpenSSL development library
Build the example by running make.
To create the certificates and the private keys, run ./certs_gen.sh. It creates a subdirectory certs which contains the private keys, the certificate requests and the certificates.
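The following script is an added example and not the project's certs_gen.sh; it builds a minimal PKI with the same layout the commands below expect (certs/ca/ca_cert.pem, certs/server/server_cert.pem, certs/server/private/server_key.pem, and the client equivalents) and then checks offline which certificates each side would accept. It goes one step beyond the README's script by also issuing a client certificate from an unrelated, hypothetical "rogue" CA, so you can see that a server trusting only ca_cert.pem rejects it. All directory names, common names and the rogue CA are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the project's certs_gen.sh: build a minimal PKI for
# two-way TLS and check offline which certificates each side would accept.
# Assumed layout (this example's, mirroring the README's paths): one CA signs
# both the server and the client certificate; a second, unrelated CA issues a
# client certificate that the server must reject.
set -eu

# issue_cert DIR ROLE CN CA_CERT CA_KEY
# Key and CSR for ROLE under DIR/ROLE, then a certificate signed by the CA.
issue_cert() {
    dir="$1"; role="$2"; cn="$3"; ca_cert="$4"; ca_key="$5"
    mkdir -p "$dir/$role/private"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/$role/private/${role}_key.pem" \
        -out "$dir/$role/${role}_req.pem" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/$role/${role}_req.pem" \
        -CA "$ca_cert" -CAkey "$ca_key" -CAcreateserial \
        -out "$dir/$role/${role}_cert.pem" 2>/dev/null
}

# make_ca DIR NAME CN
# Self-signed CA certificate and key under DIR/NAME.
make_ca() {
    mkdir -p "$1/$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$3" \
        -keyout "$1/$2/${2}_key.pem" -out "$1/$2/${2}_cert.pem" 2>/dev/null
}

# gen_pki DIR
# DIR/ca signs DIR/server and DIR/client; DIR/rogue_ca signs DIR/rogue
# (a client certificate the server has no reason to trust).
gen_pki() {
    make_ca "$1" ca "Example Test CA"
    issue_cert "$1" server server.example.test \
        "$1/ca/ca_cert.pem" "$1/ca/ca_key.pem"
    issue_cert "$1" client client.example.test \
        "$1/ca/ca_cert.pem" "$1/ca/ca_key.pem"
    make_ca "$1" rogue_ca "Unrelated CA"
    issue_cert "$1" rogue client.example.test \
        "$1/rogue_ca/rogue_ca_cert.pem" "$1/rogue_ca/rogue_ca_key.pem"
}

# verify_peer CA_CERT CERT
# Prints "accepted" or "rejected": the decision a peer that trusts only
# CA_CERT takes for CERT during the handshake. This is chain validation
# only; the hostname check the README leaves out is a separate step.
verify_peer() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

# Stand-alone use: sh mtls_pki.sh ./certs
if [ $# -gt 0 ]; then
    gen_pki "$1"
    echo "server cert, trusted CA: $(verify_peer "$1/ca/ca_cert.pem" "$1/server/server_cert.pem")"
    echo "client cert, trusted CA: $(verify_peer "$1/ca/ca_cert.pem" "$1/client/client_cert.pem")"
    echo "rogue client cert:       $(verify_peer "$1/ca/ca_cert.pem" "$1/rogue/rogue_cert.pem")"
fi
```

Two caveats worth keeping in mind when you try the CLI commands below with these files: openssl s_server only asks the client for a certificate when given -verify or -Verify (the capitalised form makes a missing client certificate a handshake error, which is the server half of two-way authentication), and openssl s_client needs -verify_hostname to perform the hostname check that this example program skips.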
The server side can be executed either using the openssl CLI or this example.
Using this example
./ssl-2way server 8888 ./certs/ca/ca_cert.pem ./certs/server/server_cert.pem ./certs/server/private/server_key.pem
Using the openssl CLI
openssl s_server -accept 8888 -cert ./certs/server/server_cert.pem -key ./certs/server/private/server_key.pem -CAfile ./certs/ca/ca_cert.pem
The client side can be executed either using the openssl CLI or this example.
Using this example
./ssl-2way client 0.0.0.0:8888 ./certs/ca/ca_cert.pem ./certs/client/client_cert.pem ./certs/client/private/client_key.pem
Using the openssl CLI
openssl s_client -connect 0.0.0.0:8888 -cert ./certs/client/client_cert.pem -key ./certs/client/private/client_key.pem -CAfile ./certs/ca/ca_cert.pem -showcerts -msg