Hi, My name is Pietro Di Primo and I work on the INFN Grid project (http://grid.infn.it/). I'm trying to develop an application based on stunnel. Everything works well when I use user certificates (signed by our CA), but i need to use (on the client side) a particular proxy. This proxy contains a public and a private key, and the public key of the user that generated it (I atteched a file with a such proxy). On the server side I have the CA certificate but not the user's one, so I can't verify the client (unable to get local issuer certificate). I tried to get the user certificate using the SSL_get_peer_cert_chain function on the server, but it returns NULL. On the client side I tried SSL_CTX_use_certificate_chain_file, Also I tried to get a STACK_OF(X509) and use SSL_CTX_use_certificate (for proxy certificate), and SSL_CTX_add_extra_chain_cert (to include the user's certificate), but it still doesn't work.

Can you help me please?

Best Regards