Hi everybody,
my English is not so good, but I will try to explain my
problem.
I connect to a server with my client application.
Everything works fine
if I have verification turned off.
If I enable verification, the server certificate is
reported as bad (verification
error 19). I think
the problem is that I have the wrong CA. How can I
get the
CA of the server certificate, or how can I set
this?
At the moment I have exported the CA of my own
certificate and
set it with SSL_CTX_load_verify_locations(). It
is
from VeriSign class 1. The server certificate is
from VeriSign too,
but class 3.
........
SSLeay_add_all_algorithms(); SSL_load_error_strings(); ERR_load_crypto_strings(); meth=SSLv3_client_method(); ctx = SSL_CTX_new (meth); CHK_NULL(ctx); CHK_SSL(err); int rc = WSAStartup( 2, &wsadata ); sd = socket (AF_INET, SOCK_STREAM, 0); if (sd==INVALID_SOCKET ){ int lastE=WSAGetLastError(); ERR_print_errors_fp(stderr); } sprintf(server,"www.aserver.de");
memset (&sa, '\0', sizeof(sa)); unsigned long naddr; naddr = inet_addr( server ); if ( naddr != INADDR_NONE ) { sa.sin_addr.s_addr = naddr; } else { PHOSTENT phe = gethostbyname( server ); if ( phe == NULL ) CHK_ERR( 1, "gethostbyname" ); sa.sin_addr.s_addr = *( (unsigned long *) (phe->h_addr) ); memcpy( (char *) &sa.sin_addr, phe->h_addr, phe->h_length ); } sa.sin_family =
AF_INET;
sa.sin_port = htons ((short)443); err = connect(sd, (struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); //Load my own clientcert from a
p12-file
FILE *fp; EVP_PKEY *pkey; X509 *cert; STACK_OF(X509) *ca = NULL; PKCS12 *p12; if (!(fp = fopen("mycert.p12", "r")))
{
fprintf(stderr, "Error opening file mycert.p12 \n"); } p12 = d2i_PKCS12_fp(fp,
NULL);
fclose (fp); if (!p12) { printf("Error reading PKCS#12 file\n"); ERR_print_errors_fp(stderr); exit (1); } if (!PKCS12_parse(p12, "akey", &pkey,
&cert, &ca)) {
printf("Error parsing PKCS#12 file\n"); ERR_print_errors_fp(stderr); exit (1); } PKCS12_free(p12);
SSL_CTX_set_options(ctx,SSL_OP_ALL|SSL_CTX_get_options(ctx));
SSL_CTX_set_info_callback(ctx,(void (__cdecl*)(void))&client_info_callback); err=SSL_CTX_use_certificate(ctx, cert); err=SSL_CTX_use_PrivateKey(ctx,pkey); err=SSL_CTX_set_cipher_list(ctx,SSL3_TXT_RSA_RC4_128_MD5) ; SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER,&verify_callback); if((!SSL_CTX_load_verify_locations(ctx,"myCa","d:\\mypath")) || (!SSL_CTX_set_default_verify_paths(ctx))){ exit(-1); } int connErr=0; ssl = SSL_new (ctx); SSL_set_connect_state(ssl); err=SSL_set_fd (ssl, sd); if (!checkError(ssl,err)) { exit(-1); } err = SSL_connect (ssl); .......
Can anyone help?
Best regards
Frank