Re: Question about SSL_CTX_load_verify_locations

Tue, 24 Sep 2002 17:26:57 -0700 

You need to SSL_CTX_new() before using the context with 
SSL_CTX_load_verify_locations().


--- "Paul E. Bible" <[EMAIL PROTECTED]> wrote:
> Hi there,
> 
> I'm currently working on an application that uses SSL for its Internet 
> communications.  In this applications, I am verifying the certificates 
> being used, which requires that I execute the 
> SSL_CTX_load_verify_locations() method as shown below:
> 
> #define CAFILE                "root.pem"
> #define CADIR                 NULL
> #define CERTFILE      "server.pem"
> 
> SSL_CTX *setup_server_ctx()
> {
>       SSL_CTX *ctx;
> 
>       *if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1)
>               int_error("Error loading CA file and/or directory")*;
>       if (SSL_CTX_set_default_verify_paths(ctx) != 1)
>               int_error("Error loading default CA file and/or directory");
>       ctx = SSL_CTX_new(SSLv3_method());
>       if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1)
>               int_error("Error loading certificate from file");
>       if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1)
>         int_error("Error loading private key from file");
>       SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 
>verify_callback);
>       SSL_CTX_set_verify_depth(ctx, 4);
>       
>       return ctx;
> }
> 
> 
> Unfortunately, when the program executes the SSL_CTX_load_verify_locations() method, 
>a 
> Segmentation Fault is signaled.  I have ensured that both the root.pem and server.pem
> certificates exist and they appear to be valid (i.e., I can view them using the 
>openssl
> command line program).
> 
> My environment is Redhat Linux v7.3 with OpenSSL 0.9.6b-28.
> 
> Any thoughts and/or suggestions?!?!
> 
> Thank you in advance,
> Paul
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]


__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to