The problem seems to be that you use self-signed
certificates /both sides/.
There are a few possible ways to do this:
1. Use a custom handler for errors in certificates in
your server:
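#include <openssl/ssl.h>
#include <openssl/x509_vfy.h>

static int SSL_verify_callback(int ok, X509_STORE_CTX *ctx)
{
    char    buf[256];
    X509   *err_cert;
    int     err, depth;
    int     ret = ok;   /* start from OpenSSL's own verdict */

    /* certificate being checked, the error found and its chain depth */
    err_cert = X509_STORE_CTX_get_current_cert(ctx);
    err = X509_STORE_CTX_get_error(ctx);
    depth = X509_STORE_CTX_get_error_depth(ctx);

    switch (err)
    {
        case X509_V_OK:
            /* .... */
            break;
        default:
            /* <handle errors>: inspect err, depth and err_cert, set ret */
            /* .... */
            break;
    }
    /* 1 continues the handshake, 0 aborts it */
    return ret;
}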
 
and use
SSL_CTX_set_verify(<your context>,
    SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
    SSL_verify_callback);

2. You may use valid certificates /not expired, signed
by a trusted root, etc./; then your default handler
will report success.


--- ozan alptekin <[EMAIL PROTECTED]> wrote:
> 
> hi,
> 
> I am using openssl 0.9.6.b and trying to write a
> server-client program in which both parties should
> authenticate each other and I am new to OpenSSL.
> 
> but I have a problem during the handshake process, I
> get a "SSL error: 5 : error:00000005::lib(0)
> :func(0) :bad asn1 object header" error when client
> calls SSL_connect. I realized that it is related
> with the verification mode of the server or
> something with the certificates I have created. I am
> using the same self-signed CA for creating certificates
> for server and client.
> 
> I have set the verification flags as
> "SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
> both for the client and the server.
> Using methods TLSv1_server_method for the server and
> TLSv1_client_method for the client.
> 
> Thanks a lot...
> 
> Ozan Alptekin


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
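
The setup described in the question (one self-signed CA issuing both the server and the client certificate) can be checked outside the application before debugging the handshake. The script below is an added example, not part of the original thread; the subject names, file names and function names are constructed for illustration, and it assumes an `openssl` binary whose `verify` command exits non-zero on failure (current releases do).

```shell
#!/bin/sh
# Added example: private CA issuing one certificate per peer, checked with
# `openssl verify`. All names (Example Test CA, server.example, ...) are constructed.

# Create a throwaway CA plus a server and a client certificate in directory $1.
make_pki() {
    dir=$1
    # The root is the only self-signed certificate in this setup.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    for peer in server client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$peer.example" \
            -keyout "$dir/$peer.key" -out "$dir/$peer.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$peer.csr" -days 1 \
            -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
            -out "$dir/$peer.pem" 2>/dev/null || return 1
    done
}

# Succeeds only if certificate $2 chains to the trust anchor file $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if certificate $1 is rejected when the private CA is not supplied,
# which is what a peer sees when it never loaded ca.pem.
rejected_without_ca() {
    ! openssl verify "$1" >/dev/null 2>&1
}

# Build the PKI in a temporary directory and run all checks; returns 0 if
# both leaves verify against the CA and fail against anything else.
check_pki() {
    dir=$(mktemp -d) || return 1
    make_pki "$dir" &&
        chains_to "$dir/ca.pem" "$dir/server.pem" &&
        chains_to "$dir/ca.pem" "$dir/client.pem" &&
        rejected_without_ca "$dir/server.pem" &&
        ! chains_to "$dir/server.pem" "$dir/client.pem"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Call `check_pki` to run every check at once. In the application each peer then loads `ca.pem` as its trust anchor (for example with `SSL_CTX_load_verify_locations`), so the default verification passes without overriding errors in the callback.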
