Hi there,
I'm having a problem verifying the certificate between server and client on
the sample programs serv.cc and cli.cc in the demo/ssl directory. I've
modified it slightly by adding an SSL_set_verify() callback on both the
server and the client side (so that the certificates are verified at both
ends). I've got the certificate and key in separate files, and I'm using
only the one set (the same certificate and key on the server and client
end). My problem is that it keeps coming up with the same error messages
in the callback function:

    error 20 at 0 depth lookup:unable to get local issuer certificate
    error 27 at 0 depth lookup:certificate not trusted
    error 21 at 0 depth lookup:unable to verify the first certificate

I've followed the advice given in some of the posts, and the procedure
I'm following is:

    SSL_CTX_use_certificate_file(ctx, "ca.crt", SSL_FILETYPE_PEM);
    SSL_CTX_use_RSAPrivateKey_file(ctx, "ca.key", SSL_FILETYPE_PEM);
    SSL_CTX_check_private_key(ctx);
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
                       verify_callback);
    SSL_CTX_load_verify_locations(ctx, "01.pem", "/openssl-0.9.5/ca.db.certs");
    SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file("01.pem"));

What steps am I missing/what am I doing wrong?
Cheers,
--Douglas
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
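
Added example, not part of the original post: errors 20, 21 and 27 at depth 0 are OpenSSL's X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE and X509_V_ERR_CERT_UNTRUSTED, which are reported when the issuer of the certificate being checked is not in the verifier's trust store. The script reproduces error 20 with the openssl command-line tool, using a constructed throwaway CA and leaf; the file names and subject names are assumptions.

```shell
#!/bin/sh
# Constructed demo PKI: throwaway CA and leaf, generated locally.
# ca.pem, leaf.pem and the subject names are assumptions, not the poster's files.

# make_pki DIR: create a self-signed CA and a leaf certificate it issued.
make_pki() {
    (
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test CA" \
            -keyout ca.key -out ca.pem 2>/dev/null || exit 1
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=constructed-leaf" \
            -keyout leaf.key -out leaf.csr 2>/dev/null || exit 1
        openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 1 -out leaf.pem 2>/dev/null || exit 1
    )
}

# verify_with TRUSTFILE CERT: print "OK" or the numbered error lines.
verify_with() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK"*) echo "OK" ;;
        *) printf '%s\n' "$out" | grep '^error [0-9]' \
               || echo "verification failed" ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    make_pki "$dir" || { rm -rf "$dir"; return 1; }
    # Trust file lacks the issuer: the leaf cannot be chained to an anchor.
    echo "trust file = leaf.pem: $(verify_with "$dir/leaf.pem" "$dir/leaf.pem")"
    # Trust file holds the issuing CA: the chain leaf -> CA completes.
    echo "trust file = ca.pem:   $(verify_with "$dir/ca.pem" "$dir/leaf.pem")"
    rm -rf "$dir"
}

demo
```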