Hello, I have a legacy app that I converted to use SSL encryption. I have everything working, except server authentication.

I'm trying to test the host name in the server's cert post handshake. Using:

    #include <string.h>
    #include <strings.h>             /* strcasecmp() */
    #include <openssl/ssl.h>
    #include <openssl/x509.h>

    /* Error helpers from the rest of the application (not shown here). */
    void berr_exit(const char *msg);
    void err_exit(const char *msg);

    void check_cert(SSL *ssl, char *host)
    {
        X509 *peer;
        char peer_CN[256];

        if (SSL_get_verify_result(ssl) != X509_V_OK)
            berr_exit("Certificate doesn't verify");

        /* Check the cert chain. The chain length is automatically checked by
           OpenSSL when we set the verify depth in the ctx */

        /* Check the common name */
        peer = SSL_get_peer_certificate(ssl);
        if (!peer)
            err_exit("No peer certificate presented");   /* do not pass silently */

        /* Returns -1 if the subject has no CN; the buffer is NUL-terminated */
        if (X509_NAME_get_text_by_NID(X509_get_subject_name(peer),
                                      NID_commonName, peer_CN, sizeof peer_CN) < 0)
            err_exit("Certificate has no common name");

        if (strcasecmp(peer_CN, host))
            err_exit("Common name doesn't match host name");

        X509_free(peer);   /* SSL_get_peer_certificate() returns a new reference */
    }

This routine is being called after the handshake. What happens is SSL_get_peer_certificate returns null. On the server side the following error is kicked out:

    SSL accept error 23956:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1053:SSL alert number 48

The server's certificate was self signed. I have added the local CA cert to the file of trusted certs, but this had no effect. What am I missing?

Bill
-- 
View this message in context: http://www.nabble.com/server-authentication-tp24838738p24838738.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
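The matcher below is an added example, not code from Bill's post or from OpenSSL; it deliberately has no OpenSSL dependency so the name-matching rules can be exercised on their own. A plain `strcasecmp(peer_CN, host)` accepts only an exact CN match: it cannot handle wildcard names, and it ignores subjectAltName dNSName entries, which per RFC 6125 identify the server in preference to the CN whenever they are present. In OpenSSL 1.0.2 and later X509_check_host() implements these rules, and from 1.1.0 calling SSL_set1_host() before the handshake makes SSL_get_verify_result() return X509_V_ERR_HOSTNAME_MISMATCH on a bad name, so production code should use those and treat this block as an illustration of what they enforce. One caveat that the posted server log makes concrete: any post-handshake name check only runs if the handshake completes, and alert 48 (unknown_ca) in the server's log is the client refusing the chain because the issuer was not in the client's own trust store, so no peer certificate is ever available to check. The SAN and CN values are constructed sample names, not taken from a real certificate.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the original post or OpenSSL): RFC 6125-style
 * matching of a DNS name taken from a server certificate against the host
 * the client actually dialled. */

/* Compare one DNS label case-insensitively; lengths must be equal. */
static int label_ieq(const char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Return 1 if `host` matches the certificate name `pattern`:
 *  - labels are compared case-insensitively, one to one;
 *  - '*' is allowed only as the whole left-most label and covers exactly one
 *    host label: "*.example.com" matches "www.example.com" but neither
 *    "example.com" nor "a.b.example.com";
 *  - a wildcard needs at least two fixed labels after it ("*.com" is refused);
 *  - one trailing dot (absolute FQDN) is tolerated on either side. */
int hostname_matches(const char *pattern, const char *host)
{
    if (pattern == NULL || host == NULL)
        return 0;

    size_t plen = strlen(pattern), hlen = strlen(host);
    if (plen > 0 && pattern[plen - 1] == '.')
        plen--;
    if (hlen > 0 && host[hlen - 1] == '.')
        hlen--;
    if (plen == 0 || hlen == 0)
        return 0;

    const char *p = pattern, *pend = pattern + plen;
    const char *h = host, *hend = host + hlen;

    if (p[0] == '*') {
        /* Only "*.rest" is a legal wildcard form; "*foo.example.com" and
         * "f*.example.com" are rejected below. */
        if (plen < 2 || p[1] != '.')
            return 0;
        if (memchr(p + 2, '.', (size_t)(pend - p - 2)) == NULL)
            return 0;                       /* "*.com": too broad */
        const char *hdot = memchr(h, '.', (size_t)(hend - h));
        if (hdot == NULL || hdot == h)
            return 0;                       /* host needs a non-empty first label */
        p += 2;                             /* skip "*." */
        h = hdot + 1;                       /* skip the label the '*' consumed */
    }
    if (memchr(p, '*', (size_t)(pend - p)) != NULL)
        return 0;                           /* no wildcard anywhere else */

    /* Remaining labels must match exactly, in number and content. */
    for (;;) {
        const char *pd = memchr(p, '.', (size_t)(pend - p));
        const char *hd = memchr(h, '.', (size_t)(hend - h));
        size_t pl = pd ? (size_t)(pd - p) : (size_t)(pend - p);
        size_t hl = hd ? (size_t)(hd - h) : (size_t)(hend - h);

        if (pl == 0 || hl == 0 || !label_ieq(p, pl, h, hl))
            return 0;                       /* empty label or mismatch */
        if ((pd == NULL) != (hd == NULL))
            return 0;                       /* one side has more labels */
        if (pd == NULL)
            return 1;                       /* both exhausted together */
        p = pd + 1;
        h = hd + 1;
    }
}

/* RFC 6125 section 6.4.4: when the certificate carries dNSName SANs, only
 * those identify the server; the subject CN is consulted solely for legacy
 * certificates that have no dNSName SAN at all. */
int cert_matches_host(const char *const *san_dns, size_t nsan,
                      const char *cn, const char *host)
{
    if (nsan > 0) {
        for (size_t i = 0; i < nsan; i++)
            if (hostname_matches(san_dns[i], host))
                return 1;
        return 0;
    }
    return hostname_matches(cn, host);
}

int main(void)
{
    /* Constructed sample names standing in for values read from a certificate. */
    const char *const sans[] = { "api.example.com", "*.example.com" };
    const char *cn = "legacy.example.net";

    printf("www.example.com via SAN wildcard     -> %d\n",
           cert_matches_host(sans, 2, cn, "www.example.com"));      /* 1 */
    printf("a.b.example.com via SAN wildcard     -> %d\n",
           cert_matches_host(sans, 2, cn, "a.b.example.com"));      /* 0 */
    printf("CN match but SANs present (ignored)  -> %d\n",
           cert_matches_host(sans, 2, cn, "legacy.example.net"));   /* 0 */
    printf("CN match with no SANs (fallback)     -> %d\n",
           cert_matches_host(NULL, 0, cn, "legacy.example.net"));   /* 1 */
    return 0;
}
```

The `cert_matches_host()` split mirrors how a real check is wired up: collect the dNSName entries from the subjectAltName extension first, and only read NID_commonName when that list is empty, otherwise a certificate whose SANs do not cover the host would be accepted on the strength of a matching CN.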