Bill Schoolfield wrote:
| Hello,
Hello Bill,
| I have a legacy app that I converted to use ssl encryption. I have
| everything working, except server authentication.
|
| I'm trying to test the host name in the server's cert post
| handshake. Using:
[...]
| I tried adding a call to SSL_CTX_set_verify() thinking this would
| make the server's cert available, but all this did was generate the
| following error on the server:
|
| SSL accept error
| 23956:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
| unknown ca:s3_pkt.c:1053:SSL alert number 48
|
| The server's certificate was self signed. What am I
| missing?
Several things.

The first is:
This is a question concerning the usage of OpenSSL.
Such questions are to be posted in openssl-users.
openssl-dev is for discussing the development of
the OpenSSL library itself.

To give a start on all the other things you and the server's
administrator did wrong, please answer the following question:

How does the client know that the certificate the server
presents belongs to the server you want to connect to?

A hint: checking that the commonName field contains the
name of the host you want to connect to is not sufficient,
since anybody could generate a cert with this name in
the commonName field.
Bye
Goetz
--
DMCA: The greed of the few outweighs the freedom of the many
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
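
The hint in the reply above, worked through with the openssl command line as an added example (not part of the original message or of the OpenSSL project's code): two self-signed certificates carry the same commonName, and only the check that also uses the server's own certificate as a trust anchor tells them apart. The host name, file names and function names are constructed for the illustration; an OpenSSL 1.1.0 or later command-line tool is assumed.

```shell
#!/bin/sh
# Constructed demo: the host name and all files below are made up.
HOST=server.example.test

# Create a throwaway self-signed certificate whose commonName is $1.
make_selfsigned() {   # $1 = commonName, $2 = output file prefix
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# Name check only: does the certificate claim to be host $1?
name_only_check() {   # $1 = expected host, $2 = presented certificate
    openssl x509 -in "$2" -noout -checkhost "$1" | grep -q "does match"
}

# Full client-side decision: the certificate must chain to the trust
# anchor in $1 AND name the host in $2. For a self-signed server, the
# anchor is a copy of the server's certificate obtained out of band.
check_server_cert() { # $1 = trust anchor, $2 = expected host, $3 = presented cert
    openssl verify -CAfile "$1" -verify_hostname "$2" "$3" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$HOST" "$dir/real"        # the server's certificate
    make_selfsigned "$HOST" "$dir/lookalike"   # unrelated key, same commonName
    for c in real lookalike; do
        if name_only_check "$HOST" "$dir/$c.crt"; then n=pass; else n=fail; fi
        if check_server_cert "$dir/real.crt" "$HOST" "$dir/$c.crt"
        then v=pass; else v=fail; fi
        echo "$c: name-only=$n anchor+name=$v"
    done
    rm -rf "$dir"
}

demo
```

In the C API the same two conditions correspond to loading the anchor with SSL_CTX_load_verify_locations(), enabling SSL_VERIFY_PEER through SSL_CTX_set_verify(), and checking the name on the verified peer certificate.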