Hello,
I have a legacy app that I converted to use ssl encryption. I have
everything working, except server authentication.
I'm trying to test the host name in the server's cert post handshake. Using:
void check_cert(SSL *ssl, char *host)
{
X509 *peer;
char peer_CN[256];
if(SSL_get_verify_result(ssl)!=X509_V_OK)
berr_exit("Certificate doesn't verify");
/*Check the cert chain. The chain length
is automatically checked by OpenSSL when
we set the verify depth in the ctx */
/*Check the common name*/
peer=SSL_get_peer_certificate(ssl);
if(peer) {
X509_NAME_get_text_by_NID
(X509_get_subject_name(peer),
NID_commonName, peer_CN, 256);
if(strcasecmp(peer_CN,host))
err_exit("Common name doesn't match host name");
}
}
This routine is being called after the handshake. What happens is
SSL_get_peer_certificate returns null. On the server side the following
error is kicked out:
SSL accept error
23956:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c:1053:SSL alert number 48
The server's certificate was self signed. I have added the local CA cert to
the file of trusted certs but this had no effect. What am I missing?
Bill
--
View this message in context:
http://www.nabble.com/server-authentication-tp24838738p24838738.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
