Hi everybody,
 
 
My English is not so good, but I will try to explain my problem.
I connect to a server with my client application. Everything works fine
if I turn verification off.
If I turn verification on, the server certificate is rejected (verification
error 19). I think
the problem is that I have the wrong CA. How can I get the
CA of the server certificate, or how can I set it?
At the moment I have exported the CA of my own certificate and
set it with SSL_CTX_load_verify_locations(). It is
from VeriSign Class 1. The server certificate is from VeriSign too,
but Class 3.
 
 ........
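 /* Register OpenSSL's algorithms and its human-readable error strings. */
 SSLeay_add_all_algorithms();
 SSL_load_error_strings();
 ERR_load_crypto_strings();

 /*
  * NOTE(review): SSLv3_client_method() pins the handshake to SSL 3.0, which
  * is obsolete and no longer considered secure. Unless the server really
  * requires it, the version-flexible method (SSLv23_client_method() or
  * TLS_client_method(), depending on the OpenSSL release) is the usual choice.
  */
 meth=SSLv3_client_method();
 ctx = SSL_CTX_new (meth);
 CHK_NULL(ctx);
 /* NOTE(review): no visible statement assigns err before this check --
  * confirm it is initialised in the part of the function not shown. */
 CHK_SSL(err);

 /* Winsock must be initialised before any socket call; WSAStartup()
  * returns non-zero on failure. */
 int rc = WSAStartup( 2, &wsadata );
 if (rc != 0) {
     fprintf(stderr, "WSAStartup failed: %d\n", rc);
     exit(1);
 }

 sd = socket (AF_INET, SOCK_STREAM, 0);
 if (sd==INVALID_SOCKET ){
     /* A socket() failure is a Winsock error, so report the Winsock code
      * (the OpenSSL error queue holds nothing about it) and stop instead of
      * carrying an invalid descriptor into connect(). */
     int lastE=WSAGetLastError();
     fprintf(stderr, "socket failed: %d\n", lastE);
     exit(1);
 }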
 
 
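 /* Target host name; sa is cleared before its fields are filled in. */
 sprintf(server,"www.aserver.de");
 memset (&sa, '\0', sizeof(sa));

 /* Try the name as a dotted-quad literal first, then fall back to DNS. */
 unsigned long naddr;
 naddr = inet_addr( server );
 if ( naddr != INADDR_NONE )
 {
     sa.sin_addr.s_addr = naddr;
 }
 else
 {
     PHOSTENT phe = gethostbyname( server );
     /* Stop explicitly on a failed lookup: everything below dereferences
      * phe, and whether CHK_ERR() exits for this case is not visible here. */
     if ( phe == NULL ) {
         fprintf(stderr, "gethostbyname failed for %s\n", server);
         exit(1);
     }
     /* Never copy more than sin_addr can hold, whatever length the
      * resolver reports. */
     if ( phe->h_length < 0 || (size_t) phe->h_length > sizeof(sa.sin_addr) ) {
         fprintf(stderr, "gethostbyname returned an unexpected address length\n");
         exit(1);
     }
     /* memcpy alone sets the address; storing through an unsigned long
      * cast first is redundant and assumes h_addr is suitably aligned. */
     memcpy( (char *) &sa.sin_addr, phe->h_addr, phe->h_length );
 }

 /* HTTPS port, in network byte order. */
 sa.sin_family      = AF_INET;
 sa.sin_port        = htons     ((short)443);
 err = connect(sd, (struct sockaddr*) &sa, sizeof(sa));
 CHK_ERR(err, "connect");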
 
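//Load my own client certificate and private key from a PKCS#12 file
 FILE *fp;
 EVP_PKEY *pkey = NULL;
 X509 *cert = NULL;
 STACK_OF(X509) *ca = NULL;
 PKCS12 *p12;

 /* PKCS#12 is binary DER: open in binary mode so the Windows C runtime
  * does not translate line endings or stop at a Ctrl-Z byte. */
 if (!(fp = fopen("mycert.p12", "rb"))) {
     fprintf(stderr, "Error opening file mycert.p12 \n");
     /* fp is NULL here and must not reach d2i_PKCS12_fp() or fclose(). */
     exit (1);
 }

 p12 = d2i_PKCS12_fp(fp, NULL);
 fclose (fp);
 if (!p12) {
     printf("Error reading PKCS#12 file\n");
     ERR_print_errors_fp(stderr);
     exit (1);
 }

 /*
  * On success pkey and cert receive the client key and certificate, and ca
  * any additional certificates stored in the file. Those extra certificates
  * belong to the client's own chain; nothing in the visible code uses or
  * frees ca.
  * NOTE(review): the passphrase is a literal in the source, so anyone who
  * can read the source or the binary can unlock the private key. Prefer
  * prompting for it or reading it from protected configuration.
  */
 if (!PKCS12_parse(p12, "akey", &pkey, &cert, &ca)) {
     printf("Error parsing PKCS#12 file\n");
     ERR_print_errors_fp(stderr);
     exit (1);
 }

 PKCS12_free(p12);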
 
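 /* Enable OpenSSL's bug-workaround options on top of whatever is set. */
 SSL_CTX_set_options(ctx,SSL_OP_ALL|SSL_CTX_get_options(ctx));
 SSL_CTX_set_info_callback(ctx,(void (__cdecl*)(void))&client_info_callback);

 /* Each of these calls returns 1 on success. Check every result instead of
  * overwriting err, so a bad certificate or key is reported here and not
  * as an obscure handshake failure later. */
 err=SSL_CTX_use_certificate(ctx, cert);
 if (err != 1) {
     ERR_print_errors_fp(stderr);
     exit(-1);
 }
 err=SSL_CTX_use_PrivateKey(ctx,pkey);
 if (err != 1) {
     ERR_print_errors_fp(stderr);
     exit(-1);
 }
 /* NOTE(review): this restricts the connection to RC4-128 with MD5, a
  * suite that is considered broken today; keep it only if the server
  * offers nothing stronger. */
 err=SSL_CTX_set_cipher_list(ctx,SSL3_TXT_RSA_RC4_128_MD5) ;
 if (err != 1) {
     ERR_print_errors_fp(stderr);
     exit(-1);
 }

 /*
  * Peer verification. Verify error 19 is X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
  * a chain could be built from what the server sent, but its self-signed
  * root is not among the trusted certificates. The CAfile ("myCa", PEM) or
  * the CApath directory (files named by subject hash) therefore has to
  * contain the root that issued the SERVER's certificate. The CA of the
  * client certificate only matters to the server.
  * NOTE(review): verify_callback is not shown. It should pass on the
  * preverify result it receives; returning 1 unconditionally would accept
  * any certificate. SSL_VERIFY_PEER validates the chain only; checking that
  * the certificate names the intended host is a separate step.
  */
 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER,&verify_callback);
 if((!SSL_CTX_load_verify_locations(ctx,"myCa","d:\\mypath")) ||
     (!SSL_CTX_set_default_verify_paths(ctx))){
     /* Say why the trust store could not be loaded before giving up. */
     ERR_print_errors_fp(stderr);
     exit(-1);
 }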
  
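 int connErr=0;
 /* One SSL object per connection, created from the configured context.
  * SSL_new() returns NULL on failure, so check it the same way ctx is
  * checked after SSL_CTX_new(). */
 ssl = SSL_new (ctx);
 CHK_NULL(ssl);
 SSL_set_connect_state(ssl);
 /* Bind the TLS object to the already connected TCP socket. */
 err=SSL_set_fd (ssl, sd);
 if (!checkError(ssl,err))
 {
     exit(-1);
 }
 /*
  * Run the handshake; with SSL_VERIFY_PEER set on the context, a chain that
  * fails verification makes this call fail.
  * NOTE(review): the code after this call is not shown. It should check err,
  * and confirm that the certificate presented was issued for the host being
  * contacted, since chain verification alone does not compare names.
  */
 err = SSL_connect (ssl);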
.......
 
 
Please help?
 
Best regards
Frank
