Skip to content

OpenSSL Client Certificates and Libevent-2.0.3-alpha

Tom Pusateri reported success with using OpenSSL client certificates and libevent's builtin OpenSSL support. Here is what he wrote on the mailing list:

I tried 2.0.3 alpha against the Apple Push notification feedback service which requires a client key/certificate and it works great.

One hint... Make sure you add the key and cert to the SSL context before calling SSL_new(). Otherwise, you'll get an error that looks like:
sslv3 alert handshake failure in SSL routines SSL3_READ_BYTES
Here's the working code:

static void
init_feedback_service(struct event_base *ev_base,
    struct evdns_base *dns)
   int rc;
   struct bufferevent *bev;
   SSL_CTX *ssl_ctx;
   SSL *ssl;

   ssl_ctx = SSL_CTX_new(SSLv3_method());

   rc = SSL_CTX_use_certificate_file(ssl_ctx, "my_apple_cert_key.pem",
   if (rc != 1) {
       errx(EXIT_FAILURE, "Could not load certificate file");
   rc = SSL_CTX_use_PrivateKey_file(ssl_ctx, "my_apple_cert_key.pem",
   if (rc != 1) {
       errx(EXIT_FAILURE, "Could not load private key file");

   ssl = SSL_new(ssl_ctx);
   bev = bufferevent_openssl_socket_new(ev_base, -1, ssl,
   bufferevent_setcb(bev, feedback_read_cb, NULL,
       feedback_event_cb, NULL);
   rc = bufferevent_socket_connect_hostname(bev, dns, AF_INET,
       "", 2196);
   if (rc < 0) {
       warnx("could not connect to feedback service: %s",
   bufferevent_enable(bev, EV_READ);
Categories: Libevent
Defined tags for this entry: