We're using a multi platform application which should run on both Windows and Mac. Our application is based on OpenSSL as the SSL and related stuff supplier. It uses Client Certificate to establish secure connections and to identify the end user.
We want to use Windows and Mac native certificate storages to ensure maximum security. Openssl has an engine t开发者_运维知识库o interact with Windows' Certificate Store (CAPI engine). However, we didn't manage to find such a solution for Mac's Keychain.
Is there an integration between OpenSSL and Apple's Keychain?
If not, what are your suggestion ?
I think the "simplest" solution would be to write an OpenSSL engine for CSSM (API for CDSA, the security architecture used by Mac OS X). You should ask on the openssl-dev mailing list if anyone is interested in helping (and might have already started).
In addition to handling the client certificate, you will also need to verify the server certificate.
To do so, you will have to provide OpenSSL with a callback that uses the Mac OS X security framework to validate the server certificate. Use the OpenSSL function SSL_CTX_set_cert_verify_callback to set your custom certificate validation callback. Your callback must convert the OpenSSL certificates to SecCertificateRef, create a SecPolicyRef for SSL connections, create a SecTrustRef and evaluate it. See Certificate, Key, and Trust Services Reference for more details.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论