I tried using the openssl s_server. I got the same errors on both ends. Here is the output I get on the server side "
Using default temp DH parameters
Enter PEM pass phrase:
ACCEPT
ERROR
1626:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:985:SSL alert number 0
1626:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
shutting down SSL
CONNECTION CLOSED
ACCEPT
"

Please tell me what can I do now?

Thank you,
Avinash

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, April 01, 2003 6:29 PM
To: [EMAIL PROTECTED]
Subject: Re: openssl libs vs RSA libs problem

On Tue, Apr 01, 2003, Avinash Agarwal wrote:

> Hello all,
>
> I have a server implemented using openssl libs and a client which is
> implemented using RSA libs.
>
> The handshake is failing and I get the following errors
>
> on the client :
> “
> - Certificate chain didn't validate: Incomplete certificate
> - CA is Unknown CA
> SSL: Certificate validate failed -- Incomplete certificate
> SSL: Hand shaking failed -- Incomplete certificate.
> SSL: Client closing SSL connection
> “
>
> on the server:
> “
> 1653:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:985:SSL alert number 0
> “
>
> I also have another client implemented using openssl libs and the
> handshake happens fine with the server.
>
> The point where it's failing is where the client (with RSA libs) does a
> check for verifying the cert chain.
> It complains that it's unable to get the CA-cert.
>
> Could anyone give me pointers on what could be the problem .. is there
> some incompatibility between the two libs ?
>

It looks like the client can't verify the server's certificate chain.

If there are any intermediate certificates in the chain then the server should send those: you can use the s_client utility with -showcerts to see what it is sending.

Also the client needs to trust the server's root CA if it doesn't already. You'll have to check whatever documentation comes with the client to see how to do that.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
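
Added example (not part of the original thread, and not code from OpenSSL or from the client library): a Python parser that lists the certificates a server actually places in its Certificate handshake message, the same question Steve's -showcerts suggestion answers. It assumes captured server bytes from SSLv3 through TLS 1.2, where that message is sent unencrypted; all function names and the sample bytes are constructed for illustration.

```python
import struct
HANDSHAKE, CERTIFICATE = 0x16, 0x0B   # record content type, handshake message type

def u24(buf, off):                     # 3-byte big-endian length field
    return int.from_bytes(buf[off:off + 3], "big")

def handshake_stream(raw):
    """Join the payloads of all handshake records (messages may span records)."""
    out, off = bytearray(), 0
    while off + 5 <= len(raw):
        ctype, _version, length = struct.unpack_from("!BHH", raw, off)
        if off + 5 + length > len(raw):
            raise ValueError("truncated record")
        if ctype == HANDSHAKE:
            out += raw[off + 5:off + 5 + length]
        off += 5 + length
    return bytes(out)

def certificates_sent(raw):
    """Return the certificate blobs of the first Certificate message, in wire order."""
    hs, off = handshake_stream(raw), 0
    while off + 4 <= len(hs):
        mtype, mlen = hs[off], u24(hs, off + 1)
        msg = hs[off + 4:off + 4 + mlen]
        if len(msg) < mlen:
            raise ValueError("truncated handshake message")
        if mtype == CERTIFICATE:
            certs, pos, end = [], 3, 3 + u24(msg, 0)
            if end != mlen:
                raise ValueError("certificate_list length mismatch")
            while pos < end:
                clen = u24(msg, pos)
                if pos + 3 + clen > end:
                    raise ValueError("truncated certificate entry")
                certs.append(msg[pos + 3:pos + 3 + clen])
                pos += 3 + clen
            return certs
        off += 4 + mlen
    return []

def lp(data, n=3):                     # sample helper: n-byte length prefix
    return len(data).to_bytes(n, "big") + data
def record(mtype, body):               # sample helper: one message per SSLv3 record
    return b"\x16\x03\x00" + lp(bytes([mtype]) + lp(body), 2)

# Constructed samples: placeholder bytes stand in for DER certificates.
HELLO = record(0x02, b"\x03\x00" + bytes(36))
LEAF_ONLY = HELLO + record(CERTIFICATE, lp(lp(b"LEAF"))) + record(0x0E, b"")
WITH_INTERMEDIATE = HELLO + record(CERTIFICATE, lp(lp(b"LEAF") + lp(b"INTERMEDIATE")))
```

A one-element result, as with LEAF_ONLY, means the client must already hold every CA certificate above the leaf in order to build the chain.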