You need to SSL_CTX_new() before using the context with SSL_CTX_load_verify_locations().
--- "Paul E. Bible" <[EMAIL PROTECTED]> wrote: > Hi there, > > I'm currently working on an application that uses SSL for its Internet > communications. In this applications, I am verifying the certificates > being used, which requires that I execute the > SSL_CTX_load_verify_locations() method as shown below: > > #define CAFILE "root.pem" > #define CADIR NULL > #define CERTFILE "server.pem" > > SSL_CTX *setup_server_ctx() > { > SSL_CTX *ctx; > > *if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1) > int_error("Error loading CA file and/or directory")*; > if (SSL_CTX_set_default_verify_paths(ctx) != 1) > int_error("Error loading default CA file and/or directory"); > ctx = SSL_CTX_new(SSLv3_method()); > if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1) > int_error("Error loading certificate from file"); > if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1) > int_error("Error loading private key from file"); > SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, >verify_callback); > SSL_CTX_set_verify_depth(ctx, 4); > > return ctx; > } > > > Unfortunately, when the program executes the SSL_CTX_load_verify_locations() method, >a > Segmentation Fault is signaled. I have ensured that both the root.pem and server.pem > certificates exist and they appear to be valid (i.e., I can view them using the >openssl > command line program). > > My environment is Redhat Linux v7.3 with OpenSSL 0.9.6b-28. > > Any thoughts and/or suggestions?!?! > > Thank you in advance, > Paul > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]