Implement client-certificate authentication callback in OpenSSL
Currently, in OpenSSL there's an option to set the signing certificate to be used to sign the challenge in case of client-side authentication (the server wishes to verify the client).
```c
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
                                int (*client_cert_cb)(SSL *ssl, X509 **x509,
                                                      EVP_PKEY **pkey));
```
In the example above, the signing certificate (cert + pkey) is set in the callback function. They will be used to sign the challenge automatically once the server requests client-side authentication.
However, I wish to create a callback in OpenSSL that will get the challenge, and my code will sign it from my own callback implementation. Such a capability is required on macOS, where the signing certificates are often saved in the keychain and cannot be exported. The client may only get a pkey reference, and it signs the challenge inside the keychain.
I guess that in the Windows certificate store it's the same situation, where the private key cannot be exported, no?
Thanks
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
