Tags: ssl, openssl, ace, mutual-authentication

ACE SSL Error: peer did not return a certificate


I am making both server and client for an application, using the ACE library with OpenSSL. I am trying to get mutual authentication to work, so the server will only accept connections from trusted clients.

I have generated a CA key and cert, and used it to sign a server cert and a client cert (each with their own keys also). I seem to be loading the trusted store correctly, but I keep getting the error "peer did not return a certificate" during handshake.

Server side code:

#include "ace/SSL/SSL_Context.h"
#include "ace/Log_Msg.h"

ACE_SSL_Context *context = ACE_SSL_Context::instance();

context->set_mode(ACE_SSL_Context::SSLv23_server);
// Server identity: certificate plus its private key.
context->certificate("../ACE-server/server_cert.pem", SSL_FILETYPE_PEM);
context->private_key("../ACE-server/server_key.pem", SSL_FILETYPE_PEM);

// Trust store: the CA that signed the client certificates.
if (context->load_trusted_ca("../ACE-server/trusted.pem", 0, false) == -1) {
    ACE_ERROR_RETURN((LM_ERROR, "%p\n", "load_trusted_ca"), -1);
}

if (context->have_trusted_ca() <= 0) {
    ACE_ERROR_RETURN((LM_ERROR, "%p\n", "have_trusted_ca"), -1);
}

Client side code:

#include "ace/SSL/SSL_Context.h"

ACE_SSL_Context *context = ACE_SSL_Context::instance();
context->set_mode(ACE_SSL_Context::SSLv23_client);
// Client identity: certificate plus its private key.
context->certificate("../ACE-client/client_cert.pem", SSL_FILETYPE_PEM);
context->private_key("../ACE-client/client_key.pem", SSL_FILETYPE_PEM);

I generated the certificates following these instructions: https://blog.codeship.com/how-to-set-up-mutual-tls-authentication/

And checking online, I found that if the .crt and .key files are readable, they should already be in .pem format and there is no need to convert them. So I just changed the extension and used them here.

Any help is appreciated!


Solution

  • My problem apparently was the same as seen here: OpenSSL client not sending client certificate

    I was changing the SSL context after creating the SSL socket. Now the mutual authentication works, but my client crashes when closing the connection, though I don't know why that is yet.