Certificate Management

John Cebasek Tue, 16 Oct 2001 10:34:13 -0700

Hi All:

I've been using the example in ComLine in as a test harness and after much
hair pulling and a crash course in sockets, I now can get data from certain
secure servers on a Macintosh!!!


And that's the catch... How come some work and some don't.  Here's some
trace from a site that doesn't work:

        Host Event.. FLUSH passed to
`https://store.apple.com/1-800-MY-APPLE/WebObjects/canadastore.woa/'
.
        .
        .
        HTTP........ Generating HTTP/1.x Request Headers
HTTP........ Generating 
General Headers
Buffer...... Flushing 0x0de0de30
HTSSL New... Created new SSL Object 
0x0de1af10
HTSSL....... Setting up 0x0de1af10 on socket 3
HTSSL....... New reference 
count = 1
SSL_connect: before/connect initialization
SSL_connect: SSLv2/v3 write 
client hello A
depth = 0 /C=US/ST=California/L=Cupertino/O=Apple Computer, 
Inc./OU=Apple
Computer, Inc./OU=Terms of use at www.verisign.com/rpa
(c)00/CN=store.apple.com
verify error: num=20:unable to get local issuer certificate
verify return: 1
depth = 0 /C=US/ST=California/L=Cupertino/O=Apple Computer, 
Inc./OU=Apple
Computer, Inc./OU=Terms of use at www.verisign.com/rpa
(c)00/CN=store.apple.com
verify error: num=27:certificate not trusted
verify return: 1
depth = 0 /C=US/ST=California/L=Cupertino/O=Apple Computer, Inc./OU=Apple
Computer, Inc./OU=Terms of use at www.verisign.com/rpa
(c)00/CN=store.apple.com
verify error: num=21:unable to verify the first certificate
verify return: 1
SSL_connect: SSLv2 read server hello A
SSL_connect: SSLv2 write 
client master key A
SSL_connect: SSLv2 client start encryption
SSL_connect: SSLv2 
write client finished A
SSL_connect: error in SSLv2 read server verify A
SSL_connect: 
error in SSLv2 read server verify A
HTSSLWriter. SSL returned 1
Error....... Add  73   
 Severity: 1 Parameter: `No Error'   Where: `SSLWRITE'
At SSL_Connect, there's a line about certificate not trusted (and other
verify errors), which I believe is the cause of my problems, because on the
sites I can get to, I don't get that.

So, is there an API some place for the certificate management or some sample
code?  Any ideas would be appreciated!

Best regards



John Cebasek
[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Certificate Management

Reply via email to