I am adding OpenSSL 0.9.7e to an existing Windows XP application and I am new to OpenSSL. This application is both a TCP server and a TCP client. Since I'm adding OpenSSL support to both the client side and the server side, I thought I could test the OpenSSL changes by having the application connect to itself.
I created a Certificate Authority and the certificates described in "Network Security with OpenSSL", Viega et al, chapter 5. I then used these certificates in the application. However, OpenSSL has problems with these certificates in both SSL_connect() and SSL_accept(). Here are the error messages from SSL_connect(): Error with certificate at depth 0: error 18: self signed certificate. Certificate issuer: /CN=exampleCA/ST=Washington/C=US/[EMAIL PROTECTED]/O=Root Certification Authority. Certificate subject: /CN=exampleCA/ST=Washington/C=US/[EMAIL PROTECTED]/O=Root Certification Authority. error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: . SSL error location: file '.\ssl\s3_clnt.c' line 844. Here are the error messages from SSL_accept(): error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48. SSL error location: file '.\ssl\s3_pkt.c' line 1052. Can anyone tell me why this doesn't work? My guess is that this has something to do with a "self signed certificate", but I'm ignorant of the implications of this. I appreciate any help you can give. ______________________________ John Hoel Product Author Skywire Software 2401 Internet Blvd., Suite 201 Frisco, Texas 75034 (972)377-1110 main (425)396-4687 direct [EMAIL PROTECTED] www.skywiresoftware.com NO RELIANCE: This e-mail will be of no force of effect and will not be binding unless a hard copy of this e-mail, signed by an authorized official of the company, has been sent to the recipient of this message. CONFIDENTIAL AND/OR PROPRIETARY: Information contained in this transmission is intended for the use of the individual or entity named above and may contain legally proprietary or confidential information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this communication is strictly prohibited. If you have received this communication in error, please permanently delete this message and immediately notify us by telephone at 972-377-1110. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]