On Wed, Mar 26, 2003, rajagopalan ramanujam wrote: > hi, > > I have tested the SSL handshake but failing when > verifying server certificate > X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. I > generated the self signed CA and used the same CAcert > to verify using openssl verify and also using openssl > s_client -verify 1 -CAfile and it seems to be working > perfectly ok. > > Since i dont have a file system on embedded platform i > cannot use SSL_CTX_load_verify_locations(). > > I have converted the CAcert file from base64 format > to C structure using openssl utility and i am calling > SSL_CTX_use_certificate(ctx,x). Still i see that there > is an error some where. I tried calling > SSL_CTX_add_extra_chain_cert, but did not help. >
You need to retrieve the trusted certificate store using SSL_CTX_get_store() and then add the certificate to it using X509_STORE_add_cert(). Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]