The problem seems to be that you use self-signed certificates /both sides/.
There are a few possible ways to do this:

1. Use a custom handler for certificate errors in your server:

    static int SSL_verify_callback(int ok, X509_STORE_CTX *ctx)
    {
        char buf[256];
        X509 *err_cert;
        int err, depth, ret;

        /* certificate being checked, its error code and its chain depth */
        err_cert = X509_STORE_CTX_get_current_cert(ctx);
        err = X509_STORE_CTX_get_error(ctx);
        depth = X509_STORE_CTX_get_error_depth(ctx);
        switch (err) {
        case X509_V_OK:
            .... <handle errors> ....
        }
    }

   and use

    SSL_CTX_set_verify(<your context>,
        SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE |
        SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
        SSL_verify_callback);
2. You may use valid certificates /not expired, signed by a trusted root,
   etc./; then your default handler will report success.

--- ozan alptekin <[EMAIL PROTECTED]> wrote:
>
> hi,
>
> I am using openssl 0.9.6.b and trying to write a
> server-client program in which both parties should
> authenticate each other and I am new to OpenSSL.
>
> But I have a problem during the handshake process: I
> get a "SSL error: 5 : error:00000005::lib(0)
> :func(0) :bad asn1 object header" error when client
> calls SSL_connect. I realized that it is related
> to the verification mode of the server or
> something with the certificates I have created. I am
> using the same self-signed CA for creating certificates
> for server and client.
>
> I have set the verification flags as
> "SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
> both for the client and the server.
> Using methods TLSv1_server_method for the server and
> TLSv1_client_method for the client.
>
> Thanks a lot...
>
> Ozan Alptekin

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
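An added example, not part of the original thread: a check with the openssl command line that server and client certificates issued by one self-signed CA verify only when that CA is supplied as the trust anchor, which is the condition under which the default handler in option 2 reports success. The subject names, file names and the helper names make_pki and check_cert are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample PKI: one self-signed CA issuing a server and a client
# certificate, as in the question. All subject and file names are made up.
set -eu

make_pki() {   # $1 = output directory
    # Self-signed CA certificate and key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    for name in server client; do
        # Key and signing request for the peer, then a certificate from the CA.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=example-$name" \
            -keyout "$1/$name.key" -out "$1/$name.csr" 2>/dev/null
        openssl x509 -req -in "$1/$name.csr" -days 30 \
            -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
            -out "$1/$name.pem" 2>/dev/null
    done
}

# Prints "ok" or "fail". $1 = certificate; $2 (optional) = CA file to trust.
check_cert() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        # No CA given: only the system default trust store is consulted.
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case $out in *": OK") echo ok ;; *) echo fail ;; esac
}

PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT
make_pki "$PKI_DIR"
for name in server client; do
    echo "$name, CA trusted:     $(check_cert "$PKI_DIR/$name.pem" "$PKI_DIR/ca.pem")"
    echo "$name, CA not trusted: $(check_cert "$PKI_DIR/$name.pem")"
done
```

In a program, each side makes the CA trusted by passing the CA file to SSL_CTX_load_verify_locations before the handshake.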