hi,

I have defined SSL_library_init rather then 
openSSL_add_all_algorithms to save memory.

I have turned on DES,RC4 in chipers and MD5,SHA in
message digest.

Could you let me know what could be problem.

I can connect to www.thawte.com and X509_verify
is successful. And also i have generated selfsigned
certificate which are working too.

For Ex: www.google.com:443 i cannot connect,
i get error (7).


--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> On Fri, Jun 06, 2003, rajagopalan ramanujam wrote:
> 
> > hi,
> > 
> > I exported thawte server CA and verisign class3
> > certificates from the browser for testing and
> > converted to C structure using x509 -C -in xxx.cer
> >
> > xxx.C and added to my SSL client. Following is the
> > code below.
> > 
> > I am calling this function in a loop to load the
> > certificates:
> > 
> > unsigned char thawte_cert[791] = {
> > 0x30,0x82...};
> > 
> > unsigned char verisign_cert[576] = {
> > 0x30,0x82...};
> > 
> > 
> > SSL_load_cert(ctx,thawte_cert,791);
> > SSL_load_cert(ctx,verisign_cert,576);
> > 
> > 
> > SSL_load_cert(SSL_CTX *ctx,char *c,int size)
> > {
> >   x = d2i_X509(NULL,&c,size);
> >   cert_store = SSL_CTX_get_cert_store(ctx);
> >   X509_STORE_add_cert(cert_store,x);
> >   return;
> > }
> > 
> > I verified the same certificates in .pem format
> using
> > openssl s_client and its connects to
> > www.paypal.com..but when i connect from my client
> it
> > gives X509_V_ERR_CERT_SIGNATURE_FAILURE.
> > 
> > If i try connecting to www.thwate.com:443 it works
> but
> > it gives the same error when i am trying to
> connect to
> > other servers with thawte signed certificates.
> > 
> > 
> > Can anyone plese let me know what's going on....
> > 
> 
> Well I could say read the FAQ...
> 
> Alternatively since I'm feeling in a good mood I'll
> say its probably a missing
> OpenSSL_add_all_algorithms(). With appologies in
> advance if it isn't :-)
> 
> Steve.
> --
> Dr Stephen N. Henson.
> Core developer of the   OpenSSL project:
> http://www.openssl.org/
> Freelance consultant see:
> http://www.drh-consultancy.demon.co.uk/
> Email: [EMAIL PROTECTED], PGP key:
> via homepage.
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> [EMAIL PROTECTED]
> Automated List Manager                          
[EMAIL PROTECTED]


__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to