Vinni wrote:
Hello, I am using SSL_CTX_load_verify_locations() to load the CA certs.
I have another question...
How does SSL_accept actually get the client certificate?? Does its internal
function also fetch the CA certificate of the client, or does it check its own
CA list that is set by the above function??

The program must check that the issuer of the client certificate is a trusted CA.
This is achieved by verifying that the signature of the certificate conforms
to the information of the CA certificate.

Also, is it necessary to have the same name of CN and CA certificate? When I got
the error, it showed the details of my client cert with issuer and subject.
In issuer it displays all the details I filled in during creation...
along with the CN name of the CA.

Help me out... :-((

Ambarish Mitra wrote:


vinni rathore wrote:
Hi,

I am stuck with the error "Unable to get local issuer certificate" and
then "SSL3_GET_CLIENT_CERTIFICATE: peer certificate not return".

I have created my own certificates using Openssl.exe. I have created
CACert.pem, which is a self-signed CA certificate, and then two other
certificates, one is ClientCert.pem and the other is ServerCert.pem, which
are signed by CACert.pem.

I have created an OpenSSL server and, on the other side, a client using another
type of library (XySSL). There is no problem on the client side.
Certificate loading succeeded, but verification fails with the
error message written above.

For some reason, the CA cert is not readable by the client.
This looks like a coding error. Unless you give a minimal code snippet
that has this problem, it would be difficult to answer. Have you used the
function that sets the verify certificate?

I am using ssl_ctx and its APIs for certificate loading and a
callback function for verification using SSL_CTX_set_verify(ctx,
<PEER_Verification MODE>, callback function)

Am I doing something wrong...???
Or is anything more required..???

Minimal working code snippet.

please help..

Thanks and regards,


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]





--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France

Phone : +33 (0)3 20 30 40 71
Email: [EMAIL PROTECTED]
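
Added example, not part of the original thread and not code from the OpenSSL project: a command-line check of the certificate chain, separate from the server code, showing the same "unable to get local issuer certificate" error when the CA list given to the verifier lacks the client certificate's issuer. It assumes a POSIX shell with the `openssl` command on the PATH; the function names, CN values and throwaway keys are constructed for the illustration, and only the file names CACert.pem and ClientCert.pem follow the thread.

```shell
#!/bin/sh
# Added example (constructed data): a throwaway CA, a client certificate signed
# by it, and an unrelated CA. File names mirror the ones in the thread.

# new_ca DIR NAME CN: self-signed CA certificate DIR/NAME.pem (key in DIR/NAME.key)
new_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# new_client DIR CA: DIR/ClientCert.pem, signed by DIR/CA.pem
new_client() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-client" \
        -keyout "$1/ClientKey.pem" -out "$1/Client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/Client.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/ClientCert.pem" 2>/dev/null
}

# check_chain CAFILE CERT: the check the verifying side performs. CAFILE plays
# the role of the file given to SSL_CTX_load_verify_locations().
check_chain() {
    openssl verify -CAfile "$1" "$2" 2>&1
}

# issuer_and_subject CERT: the certificate's issuer must equal the subject of
# a CA certificate present in CAFILE, and the signature must verify with it.
issuer_and_subject() {
    openssl x509 -in "$1" -noout -issuer -subject
}

demo() {
    dir=$(mktemp -d) || return 1
    new_ca "$dir" CACert "Example Test CA" &&
    new_ca "$dir" OtherCA "Unrelated Test CA" &&
    new_client "$dir" CACert || return 1
    issuer_and_subject "$dir/ClientCert.pem"
    echo "--- verified against the CA that signed it:"
    check_chain "$dir/CACert.pem" "$dir/ClientCert.pem"
    echo "--- verified against a CA list that lacks the issuer:"
    check_chain "$dir/OtherCA.pem" "$dir/ClientCert.pem"
    rm -rf "$dir"
}

demo
```

Running `check_chain` on the real CA file and client certificate tells whether the certificates themselves chain correctly before looking at the server code.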
